Log analysis and evaluation: Win7, caught Search Protect + istasurf
Windows 7
11.09.2014, 16:34 | #1 |
| Win7, caught Search Protect + istasurf
Hello everyone. Unfortunately, as described in the description, I have caught the annoying Search Protect with istasurf, and after hours of searching I am getting nowhere. So I am now turning to you and hope to get help here. |
11.09.2014, 16:37 | #2 |
/// the machine /// TB trainer | Win7, caught Search Protect + istasurf
Hi,
Please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
11.09.2014, 16:44 | #3 |
| Win7, caught Search Protect + istasurf
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:06 on 11/09/2014 (Cronix)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014 Ran by Cronix (administrator) on REAVOR on 11-09-2014 17:11:28 Running from C:\Users\Cronix\Desktop\Tools Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (AVAST Software) D:\Programme\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe () C:\Program Files (x86)\SupTab\HpUI.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Program Files (x86)\SupTab\Loader64.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\SupTab\Loader32.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Logitech Inc.) 
C:\Program Files\Logitech Gaming Software\LCore.exe (Elaborate Bytes AG) D:\Programme\VirtualCloneDrive\VCDDaemon.exe (AVAST Software) D:\Programme\Avast\avastui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe (Google Inc.) C:\Users\Cronix\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Cronix\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Cronix\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Cronix\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Cronix\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Cronix\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Cronix\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NVRaidService] => C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [291944 2010-04-09] (NVIDIA Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [6900024 2012-07-24] (Logitech Inc.) 
HKLM-x32\...\Run: [VirtualCloneDrive] => D:\Programme\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG) HKLM-x32\...\Run: [AvastUI.exe] => D:\Programme\Avast\AvastUI.exe [4085896 2014-08-02] (AVAST Software) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-1561155398-30386077-217878308-1001\...\Run: [Google Update] => C:\Users\Cronix\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-04-02] (Google Inc.) HKU\S-1-5-21-1561155398-30386077-217878308-1001\...\MountPoints2: {99061929-d9f1-11e3-b68b-00044b1991c3} - F:\AutoRun.exe HKU\S-1-5-21-1561155398-30386077-217878308-1001\...\MountPoints2: {9906193c-d9f1-11e3-b68b-00044b1991c3} - F:\AutoRun.exe HKU\S-1-5-21-1561155398-30386077-217878308-1001\...\MountPoints2: {b884a9ad-29f2-11e2-adc8-00044b1991c3} - G:\setup.exe ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Programme\Avast\ashShA64.dll (AVAST Software) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4AF9E940FBBDCD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program 
Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms} SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms} SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.pu-results.info/?l=1&q={searchTerms}&pid=726&r=2013/04/02&hid=258517195&lg=EN&cc=DE SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms} SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms} SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.pu-results.info/?l=1&q={searchTerms}&pid=726&r=2013/04/02&hid=258517195&lg=EN&cc=DE BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Programme\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Programme\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Winsock: Catalog9 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA) Winsock: Catalog9 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA) Winsock: Catalog9 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA) Winsock: Catalog9 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA) Winsock: Catalog9 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA) Winsock: Catalog9 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA) Winsock: Catalog9 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA) Winsock: Catalog9 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA) Winsock: Catalog9-x64 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA) Winsock: Catalog9-x64 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA) Winsock: Catalog9-x64 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA) Winsock: Catalog9-x64 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA) Winsock: Catalog9-x64 05 C:\Program Files\NVIDIA 
Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA) Winsock: Catalog9-x64 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA) Winsock: Catalog9-x64 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA) Winsock: Catalog9-x64 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA) Tcpip\Parameters: [DhcpNameServer] 192.168.72.40 FireFox: ======== FF ProfilePath: C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default FF NewTab: hxxp://www.istartsurf.com/newtab/?type=nt&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C FF DefaultSearchEngine: istartsurf FF SearchEngineOrder.1: WebSearch FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch"); FF SelectedSearchEngine: istartsurf FF Homepage: hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C FF Keyword.URL: hxxp://websearch.pu-results.info/?pid=726&r=2013/04/02&hid=258517195&lg=EN&cc=DE&l=1&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: 
@videolan.org/vlc,version=2.0.4 -> D:\Programme\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Cronix\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Cronix\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF SearchPlugin: C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\searchplugins\WebSearch.xml FF Extension: Browse2save - C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\Extensions\dzdo@fxhb.net [2013-04-02] FF Extension: Fast Start - C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\Extensions\faststartff@gmail.com [2014-09-06] FF Extension: {{EXT_NAME}} - C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\Extensions\jid1-sNL73VCI4UB0Fw@jetpack [2014-09-10] FF Extension: Lavasoft Search Plugin - C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-04-02] FF Extension: SearCyhi-aNeowaTAbb - C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\Extensions\rdveyy@tau.com [2013-04-02] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-11-09] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Programme\Avast\WebRep\FF FF Extension: avast! 
Online Security - D:\Programme\Avast\WebRep\FF [2012-12-06] FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com FF Extension: No Name - C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\herman.thorne45@outlook.com [Not Found] FF StartMenuInternet: FIREFOX.EXE - D:\Programme\Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C Chrome: ======= CHR HomePage: Default -> CHR StartupUrls: Default -> "https://www.google.de/webhp?sourceid=chrome-instant&rlz=1C1GTPM_deDE530DE530&ion=1&espv=2&ie=UTF-8" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.103\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Winamp Application Detector) - D:\Programme\Firefox\plugins\npwachk.dll (Nullsoft, Inc.) CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () CHR Plugin: (Google Update) - C:\Users\Cronix\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll No File CHR Plugin: (VLC Web Plugin) - D:\Programme\VLC\npvlc.dll (VideoLAN) CHR Plugin: (iTunes Application Detector) - D:\Programme\iTunes\Mozilla Plugins\npitunes.dll () CHR Profile: C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-02] CHR Extension: (Google Drive) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-02] CHR Extension: (Google Voice Search Hotword (Beta)) - 
C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04] CHR Extension: (YouTube) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-02] CHR Extension: (Google-Suche) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-02] CHR Extension: (Logitech SetPoint) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-04-02] CHR Extension: (Cut the Rope) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2013-04-02] CHR Extension: (Fruity Annie) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbacnfobpliffdmiickfhceamljbcnjf [2013-04-02] CHR Extension: (lipakennkogpodadpikgipnogamhklmk) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipakennkogpodadpikgipnogamhklmk [2014-09-10] CHR Extension: (Google Wallet) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21] CHR Extension: (Google Mail) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-02] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [] CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-11-09] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Programme\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-08] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! 
Antivirus; D:\Programme\Avast\AvastSvc.exe [50344 2014-07-08] (AVAST Software) R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] () R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-09-06] (Cherished Technololgy LIMITED) R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-08] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-08] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-08] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-08] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-08] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-08] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-08] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-08] () R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-04-02] (GFI Software) S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) 
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [61088 2012-03-15] (SEIKO EPSON CORPORATION) S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X] S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-11 17:11 - 2014-09-11 17:11 - 00000000 ____D () C:\FRST 2014-09-11 16:59 - 2014-09-11 17:11 - 00000000 ____D () C:\Users\Cronix\Desktop\Tools 2014-09-11 03:00 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-11 03:00 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-11 03:00 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-11 03:00 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-11 03:00 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-11 03:00 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-11 03:00 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-11 03:00 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-11 03:00 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-11 03:00 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-11 03:00 - 
2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-11 03:00 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-11 03:00 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-11 03:00 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-11 03:00 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-11 03:00 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-11 03:00 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-11 03:00 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-11 03:00 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-11 03:00 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-11 03:00 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-11 03:00 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-11 03:00 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-11 03:00 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-11 03:00 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-11 03:00 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-11 03:00 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-11 03:00 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iertutil.dll 2014-09-11 03:00 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-11 03:00 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-11 03:00 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-11 03:00 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-11 03:00 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-11 03:00 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-11 03:00 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-11 03:00 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-11 03:00 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-11 03:00 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-11 03:00 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-11 03:00 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-11 03:00 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-11 03:00 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-11 03:00 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-11 03:00 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-11 03:00 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-11 03:00 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) 
C:\Windows\system32\ieframe.dll
2014-09-11 03:00 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 03:00 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 03:00 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 03:00 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 03:00 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 03:00 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 03:00 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 03:00 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 03:00 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 03:00 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 23:11 - 2014-09-11 03:44 - 00000000 ____D () C:\Windows\rescache
2014-09-10 21:34 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 21:34 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-09 20:28 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-09 20:28 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-09 20:25 - 2014-09-09 20:25 - 00000000 ____D () C:\Users\Cronix\Downloads\06.09.2014 Muna Party 1
2014-09-09 20:23 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-09 20:23 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-09 20:17 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-09 20:17 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-09 20:17 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-09 20:17 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-09 20:17 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-09 20:17 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-09 20:17 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-09 20:06 - 2014-09-09 20:06 - 00000000 ____D () C:\Users\Cronix\Downloads\06.09.2014 Muna Party 2
2014-09-09 19:52 - 2014-09-09 19:52 - 00003148 _____ () C:\Windows\System32\Tasks\{38F96F6E-C465-43B4-9558-C378A02AFAFE}
2014-09-06 09:03 - 2014-09-11 03:08 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-09-06 09:03 - 2014-09-09 19:51 - 00000000 ____D () C:\Program Files (x86)\Browsers Apps -
2014-09-06 09:03 - 2014-09-06 09:03 - 00000000 ____D () C:\Users\Cronix\AppData\Local\globalUpdate
2014-09-06 09:01 - 2014-09-09 20:01 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-09-06 09:01 - 2014-09-06 09:02 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-09-06 09:01 - 2014-09-06 09:02 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-09-06 09:01 - 2014-09-06 09:01 - 00000000 ____D () C:\Users\Cronix\Documents\My Cheat Tables
2014-08-27 21:41 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 21:41 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 21:41 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 18:38 - 2014-08-22 18:38 - 00001123 _____ () C:\Users\Cronix\Desktop\Amazon Music.lnk
2014-08-20 21:56 - 2014-08-20 21:56 - 00004728 _____ () C:\Users\Cronix\Desktop\Flitze Feuerzahn.m3u
2014-08-18 20:53 - 2014-08-18 20:53 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-18 20:53 - 2014-08-18 20:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-18 20:53 - 2014-08-18 20:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-18 20:53 - 2014-08-18 20:53 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-18 20:53 - 2014-08-18 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-14 21:35 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 21:35 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 21:35 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 21:35 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 21:35 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 21:35 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 21:35 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 21:35 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 21:32 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 21:32 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 21:32 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 21:32 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 21:32 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 21:32 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 21:32 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 21:32 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 21:32 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 21:32 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 21:32 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 21:32 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 21:27 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 21:27 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 21:27 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 21:27 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 21:27 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 21:27 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 21:27 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 21:27 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 21:27 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 21:27 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 21:26 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 21:26 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 21:24 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 21:24 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 17:11 - 2014-09-11 17:11 - 00000000 ____D () C:\FRST
2014-09-11 17:11 - 2014-09-11 16:59 - 00000000 ____D () C:\Users\Cronix\Desktop\Tools
2014-09-11 17:11 - 2013-04-02 20:15 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1561155398-30386077-217878308-1001UA.job
2014-09-11 17:11 - 2013-04-02 20:15 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1561155398-30386077-217878308-1001Core.job
2014-09-11 16:59 - 2012-12-19 18:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-11 16:49 - 2009-07-14 06:45 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-11 16:49 - 2009-07-14 06:45 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-11 16:44 - 2012-11-08 23:31 - 01928355 _____ () C:\Windows\WindowsUpdate.log
2014-09-11 16:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-11 16:41 - 2012-11-08 23:40 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-11 16:41 - 2009-07-14 06:51 - 00025983 _____ () C:\Windows\setupact.log
2014-09-11 08:47 - 2012-11-09 17:17 - 00000000 ____D () C:\Users\Cronix\AppData\Roaming\vlc
2014-09-11 03:44 - 2014-09-10 23:11 - 00000000 ____D () C:\Windows\rescache
2014-09-11 03:08 - 2014-09-06 09:03 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-09-10 21:38 - 2013-04-02 18:07 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 21:38 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-09-10 21:38 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-09-10 21:38 - 2009-07-14 07:13 - 01593956 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 21:37 - 2013-08-16 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 21:35 - 2012-11-09 01:22 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 21:34 - 2014-05-07 17:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-09 20:25 - 2014-09-09 20:25 - 00000000 ____D () C:\Users\Cronix\Downloads\06.09.2014 Muna Party 1
2014-09-09 20:06 - 2014-09-09 20:06 - 00000000 ____D () C:\Users\Cronix\Downloads\06.09.2014 Muna Party 2
2014-09-09 20:01 - 2014-09-06 09:01 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-09-09 19:53 - 2012-11-08 23:53 - 00000720 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-09 19:53 - 2012-11-08 23:36 - 00001409 _____ () C:\Users\Cronix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-09 19:52 - 2014-09-09 19:52 - 00003148 _____ () C:\Windows\System32\Tasks\{38F96F6E-C465-43B4-9558-C378A02AFAFE}
2014-09-09 19:51 - 2014-09-06 09:03 - 00000000 ____D () C:\Program Files (x86)\Browsers Apps -
2014-09-06 09:23 - 2012-11-08 23:43 - 00372428 _____ () C:\Windows\PFRO.log
2014-09-06 09:03 - 2014-09-06 09:03 - 00000000 ____D () C:\Users\Cronix\AppData\Local\globalUpdate
2014-09-06 09:03 - 2012-12-14 18:34 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-06 09:02 - 2014-09-06 09:01 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-09-06 09:02 - 2014-09-06 09:01 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-09-06 09:01 - 2014-09-06 09:01 - 00000000 ____D () C:\Users\Cronix\Documents\My Cheat Tables
2014-09-06 09:00 - 2012-11-15 22:29 - 00000000 ____D () C:\Windows\pss
2014-09-05 06:05 - 2014-03-05 18:10 - 00000000 ____D () C:\Users\Cronix\AppData\Local\Battle.net
2014-09-05 04:10 - 2014-09-09 20:17 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-09 20:17 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-04 19:54 - 2012-12-06 17:02 - 00004144 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-28 03:16 - 2009-07-14 06:45 - 00294680 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 04:07 - 2014-08-27 21:41 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-27 21:41 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-27 21:41 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 18:38 - 2014-08-22 18:38 - 00001123 _____ () C:\Users\Cronix\Desktop\Amazon Music.lnk
2014-08-20 21:56 - 2014-08-20 21:56 - 00004728 _____ () C:\Users\Cronix\Desktop\Flitze Feuerzahn.m3u
2014-08-19 20:05 - 2014-09-11 03:00 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-11 03:00 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 01:01 - 2014-09-11 03:00 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-11 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-11 03:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-11 03:00 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-11 03:00 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-11 03:00 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-11 03:00 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-11 03:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-11 03:00 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-11 03:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-11 03:00 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:08 - 2014-09-11 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-11 03:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:05 - 2014-09-11 03:00 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-11 03:00 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-11 03:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-11 03:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-11 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-11 03:00 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-11 03:00 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-11 03:00 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-11 03:00 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-11 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-11 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-11 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-11 03:00 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-11 03:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-11 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-11 03:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-11 03:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-11 03:00 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-11 03:00 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-11 03:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-11 03:00 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-11 03:00 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-11 03:00 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-11 03:00 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-11 03:00 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:23 - 2014-09-11 03:00 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 23:22 - 2014-09-11 03:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-11 03:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-11 03:00 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-11 03:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-11 03:00 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-11 03:00 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-11 03:00 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-11 03:00 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-11 03:00 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-11 03:00 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-11 03:00 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-11 03:00 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-11 03:00 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 22:38 - 2014-09-11 03:00 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-09-11 03:00 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-18 20:53 - 2014-08-18 20:53 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-18 20:53 - 2014-08-18 20:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-18 20:53 - 2014-08-18 20:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-18 20:53 - 2014-08-18 20:53 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-18 20:53 - 2014-08-18 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-18 20:48 - 2014-04-15 23:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-16 17:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

Some content of TEMP:
====================
C:\Users\Cronix\AppData\Local\Temp\AskSLib.dll
C:\Users\Cronix\AppData\Local\Temp\ce3dead0-68a2-4a82-8530-dc91ebf30aa6.exe
C:\Users\Cronix\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Cronix\AppData\Local\Temp\drm_dyndata_7380009.dll
C:\Users\Cronix\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\Cronix\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Cronix\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Cronix\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Cronix\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Cronix\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Cronix\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Cronix\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Cronix\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Cronix\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Cronix\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Cronix\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Cronix\AppData\Local\Temp\nvStInst.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-07 21:23

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by Cronix at 2014-09-11 17:12:06
Running from C:\Users\Cronix\Desktop\Tools
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.2.0.591 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version: - Ubisoft)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDBurnerXP (HKLM-x32\...\{909A791A-DBB0-432F-BC0E-D0C81925E340}) (Version: 4.5.3.4746 - Canneverbe Limited)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse)
Day of Defeat (HKLM-x32\...\Steam App 30) (Version: - Valve)
Deathmatch Classic (HKLM-x32\...\Steam App 40) (Version: - Valve)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson Netzwerkhandbuch WF-2530 Series (HKLM-x32\...\WF-2530 Series Netg) (Version: - )
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WF-2530 Series Printer Uninstall (HKLM\...\EPSON WF-2530 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Free YouTube to MP3 Converter version 3.12.35.514 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.35.514 - DVDVideoSoft Ltd.)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version: - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version: - Valve)
Half-Life: Blue Shift (HKLM-x32\...\Steam App 130) (Version: - Gearbox)
Half-Life: Opposing Force (HKLM-x32\...\Steam App 50) (Version: - Gearbox)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
K-Lite Mega Codec Pack 9.6.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.6.5 - )
Logitech Gaming Software (Version: 8.35.18 - Logitech Inc.) Hidden
Logitech Gaming Software 8.35 (HKLM\...\Logitech Gaming Software) (Version: 8.35.18 - Logitech Inc.)
Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
MotoGP™13 (HKLM-x32\...\Steam App 240600) (Version: - Milestone S.r.l.)
Mozilla Firefox 16.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 16.0.2 (x86 de)) (Version: 16.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 17.0 - Mozilla)
Mozilla Thunderbird 17.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0 (x86 de)) (Version: 17.0 - Mozilla)
Mozilla Thunderbird 17.0.2 (x86 de) (HKCU\...\Mozilla Thunderbird 17.0.2 (x86 de)) (Version: 17.0.2 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (Version: 1.00.7316 - NVIDIA Corporation) Hidden
NVIDIA Grafiktreiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden
NVIDIA MediaShield (HKLM-x32\...\{CC452A50-5C87-4A1F-B295-445C3C69BF7D}) (Version: 11.1.0.43 - NVIDIA Corporation)
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Ricochet (HKLM-x32\...\Steam App 60) (Version: - Valve)
Software Updater (HKLM-x32\...\{A737E18A-5171-40D0-8034-7DD243420081}) (Version: 4.1.1 - SEIKO EPSON CORPORATION)
SUPER © v2013.build.56+Recorder (2013/07/07) Version v2013.buil (HKLM-x32\...\{8F3A1F92-C29F-4DF9-8459-B739A4831C69}_is1) (Version: v2013.build.56+Recorder - eRightSoft)
TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TP-LINK TL-WN821N_WN822N Treiber (HKLM-x32\...\{62FE0726-9652-4CD2-9F09-C769D8699C21}) (Version: 1.2.1 - TP-LINK)
TP-LINK-Konfigurationstool (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.2.1 - TP-LINK)
tRoX's CS Script Pack v2.0 (HKLM-x32\...\tRoX's CS Script Pack v2.0) (Version: - )
Uplay (HKLM-x32\...\Uplay) (Version: 4.0 - Ubisoft)
USB Storage Driver (HKLM-x32\...\GENEUIDE) (Version: - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1561155398-30386077-217878308-1001_Classes\CLSID\{1fa91feb-062d-48df-9a63-be54ab6d9e40}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1561155398-30386077-217878308-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Cronix\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1561155398-30386077-217878308-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Cronix\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1561155398-30386077-217878308-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Cronix\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1561155398-30386077-217878308-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Cronix\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

11-09-2014 01:47:27 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1E1C11AC-A595-4631-99F0-1BAFCF765393} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1561155398-30386077-217878308-1001UA => C:\Users\Cronix\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-02] (Google Inc.)
Task: {39D14073-A5DA-45AC-AB9B-A54888E14334} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1561155398-30386077-217878308-1001Core => C:\Users\Cronix\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-02] (Google Inc.)
Task: {901B8695-71C2-4CFF-ADCF-3A2E04CF8D25} - System32\Tasks\elbyExecuteWithUAC => D:\Programme\CloneDVD2\ExecuteWithUAC.exe
Task: {9A23D046-C350-4263-832D-18CAC014B2D5} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {9F3DD7E8-3A3A-4C0C-8710-7C22D499FBD6} - System32\Tasks\avast! Emergency Update => D:\Programme\Avast\AvastEmUpdate.exe [2014-07-08] (AVAST Software)
Task: {B3E81F77-CFD2-4AF9-B9CF-E777FD31E3CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {E150D9F7-B900-4A14-BE97-2A663829AD64} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1561155398-30386077-217878308-1001Core.job => C:\Users\Cronix\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1561155398-30386077-217878308-1001UA.job => C:\Users\Cronix\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-11-08 23:39 - 2013-03-15 06:16 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-21 12:33 - 2014-09-06 09:01 - 00106376 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll
2014-08-21 12:32 - 2014-09-06 09:01 - 00733576 _____ () C:\Program Files (x86)\SupTab\HpUI.exe
2014-07-16 10:55 - 2014-07-16 10:55 - 00073216 _____ () C:\Program Files (x86)\SupTab\Loader64.exe
2014-07-16 11:16 - 2014-07-16 11:16 - 00064000 _____ () C:\Program Files (x86)\SupTab\Loader32.exe
2009-08-10 17:01 - 2009-08-10 17:01 - 00626208 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2009-08-10 17:00 - 2009-08-10 17:00 - 00070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2009-08-10 17:01 - 2009-08-10 17:01 - 00578592 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2009-08-10 17:01 - 2009-08-10 17:01 - 00206880 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2014-07-08 13:40 - 2014-07-08 13:40 - 00301152 _____ () D:\Programme\Avast\aswProperty.dll 2014-09-10 21:31 - 2014-09-10 21:31 - 02847744 _____ () D:\Programme\Avast\defs\14091000\algo.dll 2014-09-11 16:42 - 2014-09-11 16:42 - 02862592 _____ () D:\Programme\Avast\defs\14091100\algo.dll 2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-08-21 12:33 - 2014-09-06 09:01 - 00023944 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll 2014-07-08 13:40 - 2014-07-08 13:40 - 19329904 _____ () D:\Programme\Avast\libcef.dll 2014-09-04 02:15 - 2014-08-30 04:49 - 01098056 _____ () C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.103\libglesv2.dll 2014-09-04 02:15 - 2014-08-30 04:49 - 00174408 _____ () C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.103\libegl.dll 2014-09-04 02:15 - 2014-08-30 04:49 - 08577864 _____ () C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.103\pdf.dll 2014-09-04 02:15 - 2014-08-30 04:49 - 00331592 _____ () C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll 2014-09-04 02:15 - 2014-08-30 04:49 - 01660232 _____ () C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll 2014-09-04 02:15 - 2014-08-30 04:49 - 14669128 _____ () C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK-Konfigurationstool.lnk => C:\Windows\pss\TP-LINK-Konfigurationstool.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Cronix^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup MSCONFIG\startupfolder: C:^Users^Cronix^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup MSCONFIG\startupfolder: C:^Users^Cronix^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Severe Weather Alerts App.lnk => C:\Windows\pss\Severe Weather Alerts App.lnk.Startup MSCONFIG\startupfolder: C:^Users^Cronix^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Severe Weather Alerts.lnk => C:\Windows\pss\Severe Weather Alerts.lnk.Startup MSCONFIG\startupreg: Ad-Aware Antivirus => "D:\Programme\Adaware\AdAwareLauncher" --windows-run MSCONFIG\startupreg: Ad-Aware Browsing Protection => "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Amazon Music => "C:\Users\Cronix\AppData\Local\Amazon Music\Amazon Music Helper.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" MSCONFIG\startupreg: EPLTarget => MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" MSCONFIG\startupreg: 
FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" MSCONFIG\startupreg: Google Update => "C:\Users\Cronix\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe MSCONFIG\startupreg: iTunesHelper => "D:\Programme\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: SDTray => "D:\Programme\Spybot - Search & Destroy 2\SDTray.exe" MSCONFIG\startupreg: WinampAgent => D:\Programme\Winamp\winampa.exe MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/10/2014 11:05:33 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error: (09/07/2014 09:23:58 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (09/06/2014 09:03:14 AM) (Source: MsiInstaller) (EventID: 11309) (User: Reavor) Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it. Error: (09/04/2014 11:36:02 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (09/03/2014 08:39:07 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (09/02/2014 01:15:59 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (08/31/2014 09:20:22 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error: (08/27/2014 10:02:03 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (08/25/2014 08:50:53 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (08/25/2014 08:25:43 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. System errors: ============= Error: (09/11/2014 04:44:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (09/11/2014 04:44:05 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error: (09/11/2014 04:43:02 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/11/2014 04:41:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\athExt.dll Fehlercode: 126 Error: (09/11/2014 03:40:32 AM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (09/11/2014 03:19:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (09/11/2014 03:19:35 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error: (09/11/2014 03:18:32 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/10/2014 09:59:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (09/10/2014 09:59:45 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Microsoft Office Sessions: ========================= Error: (09/10/2014 11:05:33 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE Error: (09/07/2014 09:23:58 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE Error: (09/06/2014 09:03:14 AM) (Source: MsiInstaller) (EventID: 11309) (User: Reavor) Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. 
System error 3. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/04/2014 11:36:02 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE Error: (09/03/2014 08:39:07 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE Error: (09/02/2014 01:15:59 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE Error: (08/31/2014 09:20:22 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE Error: (08/27/2014 10:02:03 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: 
C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE Error: (08/25/2014 08:50:53 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE Error: (08/25/2014 08:25:43 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz Percentage of memory in use: 51% Total physical RAM: 4094.54 MB Available physical RAM: 1985.91 MB Total Pagefile: 8187.26 MB Available Pagefile: 5726.8 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:48.83 GB) (Free:4.71 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:416.92 GB) (Free:267.92 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 40B65AAB) Partition 1: (Active) - (Size=48.8 GB) - (Type=07 NTFS) Partition 2: (Not Active) - 
(Size=416.9 GB) - (Type=OF Extended) ==================== End Of Log ============================ |
11.09.2014, 17:42 | #4 |
| Win7, caught Search Protect + istasurf Here is the GMER log in 4 parts. Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-09-11 17:19:50 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005d SAMSUNG_ rev.1AA0 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\Cronix\AppData\Local\Temp\ufldrpob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ec1360 5 bytes JMP 0000000149e40460 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ec13b0 5 bytes JMP 0000000149e40450 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ec1510 5 bytes JMP 0000000149e40370 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ec1560 5 bytes JMP 0000000149e40470 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ec1570 5 bytes JMP 0000000149e403e0 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ec1620 5 bytes JMP 0000000149e40320 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ec1650 5 bytes JMP 0000000149e403b0 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ec1670 5 bytes JMP 0000000149e40390 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ec16b0 5 bytes JMP 0000000149e402e0 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ec1730 5 bytes JMP 0000000149e402d0 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ec1750 5 bytes JMP 0000000149e40310 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ec1790 5 bytes JMP 0000000149e403c0 .text C:\Windows\system32\csrss.exe[536] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ec17e0 5 bytes JMP 0000000149e403f0 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ec1940 5 bytes JMP 0000000149e40230 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ec1b00 5 bytes JMP 0000000149e40480 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ec1b30 5 bytes JMP 0000000149e403a0 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ec1c10 5 bytes JMP 0000000149e402f0 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ec1c20 5 bytes JMP 0000000149e40350 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ec1c80 5 bytes JMP 0000000149e40290 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ec1d10 5 bytes JMP 0000000149e402b0 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ec1d30 5 bytes JMP 0000000149e403d0 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ec1d40 5 bytes JMP 0000000149e40330 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ec1db0 5 bytes JMP 0000000149e40410 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ec1de0 5 bytes JMP 0000000149e40240 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ec20a0 5 bytes JMP 0000000149e401e0 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ec2160 5 bytes JMP 0000000149e40250 .text C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ec2190 5 bytes JMP 0000000149e40490 .text 
0000000077020450 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ec1510 5 bytes JMP 0000000077020370 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ec1560 5 bytes JMP 0000000077020470 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ec1570 5 bytes JMP 00000000770203e0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ec1620 5 bytes JMP 0000000077020320 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ec1650 5 bytes JMP 00000000770203b0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ec1670 5 bytes JMP 0000000077020390 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ec16b0 5 bytes JMP 00000000770202e0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ec1730 5 bytes JMP 00000000770202d0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ec1750 5 bytes JMP 0000000077020310 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ec1790 5 bytes JMP 00000000770203c0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ec17e0 5 bytes JMP 00000000770203f0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ec1940 5 bytes JMP 0000000077020230 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ec1b00 5 bytes JMP 0000000077020480 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ec1b30 5 bytes JMP 00000000770203a0 .text C:\Windows\system32\svchost.exe[836] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ec1c10 5 bytes JMP 00000000770202f0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ec1c20 5 bytes JMP 0000000077020350 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ec1c80 5 bytes JMP 0000000077020290 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ec1d10 5 bytes JMP 00000000770202b0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ec1d30 5 bytes JMP 00000000770203d0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ec1d40 5 bytes JMP 0000000077020330 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ec1db0 5 bytes JMP 0000000077020410 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ec1de0 5 bytes JMP 0000000077020240 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ec20a0 5 bytes JMP 00000000770201e0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ec2160 5 bytes JMP 0000000077020250 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ec2190 5 bytes JMP 0000000077020490 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ec21a0 5 bytes JMP 00000000770204a0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ec21d0 5 bytes JMP 0000000077020300 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ec21e0 5 bytes JMP 0000000077020360 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ec2240 5 bytes JMP 
00000000770202a0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ec2290 5 bytes JMP 00000000770202c0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ec22c0 5 bytes JMP 0000000077020380 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ec22d0 5 bytes JMP 0000000077020340 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ec25c0 5 bytes JMP 0000000077020440 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ec27c0 5 bytes JMP 0000000077020260 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ec27d0 5 bytes JMP 0000000077020270 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ec27e0 5 bytes JMP 0000000077020400 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ec29a0 5 bytes JMP 00000000770201f0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ec29b0 5 bytes JMP 0000000077020210 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ec2a20 5 bytes JMP 0000000077020200 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ec2a80 5 bytes JMP 0000000077020420 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ec2a90 5 bytes JMP 0000000077020430 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ec2aa0 5 bytes JMP 0000000077020220 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ec2b80 5 bytes JMP 0000000077020280 .text C:\Windows\system32\nvvsvc.exe[916] 
C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ec1360 5 bytes JMP 0000000100060460 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ec13b0 5 bytes JMP 0000000100060450 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ec1510 5 bytes JMP 0000000100060370 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ec1560 5 bytes JMP 0000000100060470 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ec1570 5 bytes JMP 00000001000603e0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ec1620 5 bytes JMP 0000000100060320 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ec1650 5 bytes JMP 00000001000603b0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ec1670 5 bytes JMP 0000000100060390 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ec16b0 5 bytes JMP 00000001000602e0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ec1730 5 bytes JMP 00000001000602d0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ec1750 5 bytes JMP 0000000100060310 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ec1790 5 bytes JMP 00000001000603c0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ec17e0 5 bytes JMP 00000001000603f0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ec1940 5 bytes JMP 0000000100060230 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ec1b00 5 bytes JMP 0000000100060480 .text 
C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ec1b30 5 bytes JMP 00000001000603a0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ec1c10 5 bytes JMP 00000001000602f0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ec1c20 5 bytes JMP 0000000100060350 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ec1c80 5 bytes JMP 0000000100060290 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ec1d10 5 bytes JMP 00000001000602b0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ec1d30 5 bytes JMP 00000001000603d0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ec1d40 5 bytes JMP 0000000100060330 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ec1db0 5 bytes JMP 0000000100060410 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ec1de0 5 bytes JMP 0000000100060240 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ec20a0 5 bytes JMP 00000001000601e0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ec2160 5 bytes JMP 0000000100060250 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ec2190 5 bytes JMP 0000000100060490 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ec21a0 5 bytes JMP 00000001000604a0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ec21d0 5 bytes JMP 0000000100060300 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 
0000000076ec21e0 5 bytes JMP 0000000100060360 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ec2240 5 bytes JMP 00000001000602a0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ec2290 5 bytes JMP 00000001000602c0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ec22c0 5 bytes JMP 0000000100060380 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ec22d0 5 bytes JMP 0000000100060340 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ec25c0 5 bytes JMP 0000000100060440 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ec27c0 5 bytes JMP 0000000100060260 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ec27d0 5 bytes JMP 0000000100060270 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ec27e0 5 bytes JMP 0000000100060400 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ec29a0 5 bytes JMP 00000001000601f0 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ec29b0 5 bytes JMP 0000000100060210 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ec2a20 5 bytes JMP 0000000100060200 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ec2a80 5 bytes JMP 0000000100060420 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ec2a90 5 bytes JMP 0000000100060430 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ec2aa0 5 bytes JMP 0000000100060220 .text C:\Windows\system32\nvvsvc.exe[916] 
C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ec2b80 5 bytes JMP 0000000100060280 .text C:\Windows\system32\nvvsvc.exe[916] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daef8d 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[940] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000750ba2fd 1 byte [62] .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ec1360 5 bytes JMP 0000000077020460 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ec13b0 5 bytes JMP 0000000077020450 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ec1510 5 bytes JMP 0000000077020370 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ec1560 5 bytes JMP 0000000077020470 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ec1570 5 bytes JMP 00000000770203e0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ec1620 5 bytes JMP 0000000077020320 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ec1650 5 bytes JMP 00000000770203b0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ec1670 5 bytes JMP 0000000077020390 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ec16b0 5 bytes JMP 00000000770202e0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ec1730 5 bytes JMP 00000000770202d0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ec1750 5 bytes JMP 0000000077020310 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ec1790 5 bytes JMP 
00000000770203c0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ec17e0 5 bytes JMP 00000000770203f0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ec1940 5 bytes JMP 0000000077020230 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ec1b00 5 bytes JMP 0000000077020480 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ec1b30 5 bytes JMP 00000000770203a0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ec1c10 5 bytes JMP 00000000770202f0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ec1c20 5 bytes JMP 0000000077020350 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ec1c80 5 bytes JMP 0000000077020290 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ec1d10 5 bytes JMP 00000000770202b0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx |
11.09.2014, 17:43 | #5 |
| Win7, caught Search Protect + istasurf Code:
bytes JMP 0000000077020360 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ec2240 5 bytes JMP 00000000770202a0 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ec2290 5 bytes JMP 00000000770202c0 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ec22c0 5 bytes JMP 0000000077020380 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ec22d0 5 bytes JMP 0000000077020340 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ec25c0 5 bytes JMP 0000000077020440 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ec27c0 5 bytes JMP 0000000077020260 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ec27d0 5 bytes JMP 0000000077020270 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ec27e0 5 bytes JMP 0000000077020400 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ec29a0 5 bytes JMP 00000000770201f0 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ec29b0 5 bytes JMP 0000000077020210 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ec2a20 5 bytes JMP 0000000077020200 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ec2a80 5 bytes JMP 0000000077020420 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ec2a90 5 bytes JMP 0000000077020430 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ec2aa0 5 bytes JMP 0000000077020220 .text C:\Windows\system32\svchost.exe[484] 
C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ec2b80 5 bytes JMP 0000000077020280 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ec1360 5 bytes JMP 0000000077020460 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ec13b0 5 bytes JMP 0000000077020450 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ec1510 5 bytes JMP 0000000077020370 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ec1560 5 bytes JMP 0000000077020470 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ec1570 5 bytes JMP 00000000770203e0 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ec1620 5 bytes JMP 0000000077020320 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ec1650 5 bytes JMP 00000000770203b0 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ec1670 5 bytes JMP 0000000077020390 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ec16b0 5 bytes JMP 00000000770202e0 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ec1730 5 bytes JMP 00000000770202d0 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ec1750 5 bytes JMP 0000000077020310 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ec1790 5 bytes JMP 00000000770203c0 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ec17e0 5 bytes JMP 00000000770203f0 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ec1940 5 bytes JMP 
0000000077020230 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ec1b00 5 bytes JMP 0000000077020480 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ec1b30 5 bytes JMP 00000000770203a0 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ec1c10 5 bytes JMP 00000000770202f0 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ec1c20 5 bytes JMP 0000000077020350 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ec1c80 5 bytes JMP 0000000077020290 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ec1d10 5 bytes JMP 00000000770202b0 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ec1d30 5 bytes JMP 00000000770203d0 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ec1d40 5 bytes JMP 0000000077020330 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ec1db0 5 bytes JMP 0000000077020410 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ec1de0 5 bytes JMP 0000000077020240 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ec20a0 5 bytes JMP 00000000770201e0 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ec2160 5 bytes JMP 0000000077020250 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ec2190 5 bytes JMP 0000000077020490 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ec21a0 5 bytes JMP 00000000770204a0 .text 
C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ec21d0 5 bytes JMP 0000000077020300 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ec21e0 5 bytes JMP 0000000077020360 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ec2240 5 bytes JMP 00000000770202a0 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ec2290 5 bytes JMP 00000000770202c0 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ec22c0 5 bytes JMP 0000000077020380 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ec22d0 5 bytes JMP 0000000077020340 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ec25c0 5 bytes JMP 0000000077020440 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ec27c0 5 bytes JMP 0000000077020260 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ec27d0 5 bytes JMP 0000000077020270 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ec27e0 5 bytes JMP 0000000077020400 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ec29a0 5 bytes JMP 00000000770201f0 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ec29b0 5 bytes JMP 0000000077020210 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ec2a20 5 bytes JMP 0000000077020200 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ec2a80 5 bytes JMP 0000000077020420 .text C:\Windows\system32\svchost.exe[1056] 
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ec2a90 5 bytes JMP 0000000077020430 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ec2aa0 5 bytes JMP 0000000077020220 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ec2b80 5 bytes JMP 0000000077020280 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ec1360 5 bytes JMP 0000000077020460 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ec13b0 5 bytes JMP 0000000077020450 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ec1510 5 bytes JMP 0000000077020370 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ec1560 5 bytes JMP 0000000077020470 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ec1570 5 bytes JMP 00000000770203e0 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ec1620 5 bytes JMP 0000000077020320 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ec1650 5 bytes JMP 00000000770203b0 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ec1670 5 bytes JMP 0000000077020390 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ec16b0 5 bytes JMP 00000000770202e0 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ec1730 5 bytes JMP 00000000770202d0 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ec1750 5 bytes JMP 
0000000077020310 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ec1790 5 bytes JMP 00000000770203c0 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ec17e0 5 bytes JMP 00000000770203f0 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ec1940 5 bytes JMP 0000000077020230 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ec1b00 5 bytes JMP 0000000077020480 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ec1b30 5 bytes JMP 00000000770203a0 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ec1c10 5 bytes JMP 00000000770202f0 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ec1c20 5 bytes JMP 0000000077020350 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ec1c80 5 bytes JMP 0000000077020290 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ec1d10 5 bytes JMP 00000000770202b0 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ec1d30 5 bytes JMP 00000000770203d0 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ec1d40 5 bytes JMP 0000000077020330 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ec1db0 5 bytes JMP 0000000077020410 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ec1de0 5 bytes JMP 0000000077020240 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ec20a0 5 bytes JMP 00000000770201e0 .text C:\Windows\system32\svchost.exe[1236] 
C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ec2160 5 bytes JMP 0000000077020250 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ec2190 5 bytes JMP 0000000077020490 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ec21a0 5 bytes JMP 00000000770204a0 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ec21d0 5 bytes JMP 0000000077020300 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ec21e0 5 bytes JMP 0000000077020360 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ec2240 5 bytes JMP 00000000770202a0 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ec2290 5 bytes JMP 00000000770202c0 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ec22c0 5 bytes JMP 0000000077020380 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ec22d0 5 bytes JMP 0000000077020340 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ec25c0 5 bytes JMP 0000000077020440 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ec27c0 5 bytes JMP 0000000077020260 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ec27d0 5 bytes JMP 0000000077020270 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ec27e0 5 bytes JMP 0000000077020400 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ec29a0 5 bytes JMP 00000000770201f0 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ec29b0 
5 bytes JMP 0000000077020210 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ec2a20 5 bytes JMP 0000000077020200 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ec2a80 5 bytes JMP 0000000077020420 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ec2a90 5 bytes JMP 0000000077020430 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ec2aa0 5 bytes JMP 0000000077020220 .text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ec2b80 5 bytes JMP 0000000077020280 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ec1360 5 bytes JMP 0000000077020460 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ec13b0 5 bytes JMP 0000000077020450 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ec1510 5 bytes JMP 0000000077020370 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ec1560 5 bytes JMP 0000000077020470 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ec1570 5 bytes JMP 00000000770203e0 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ec1620 5 bytes JMP 0000000077020320 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ec1650 5 bytes JMP 00000000770203b0 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ec1670 5 bytes JMP 0000000077020390 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ec16b0 5 bytes JMP 00000000770202e0 .text C:\Windows\system32\svchost.exe[1356] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ec1730 5 bytes JMP 00000000770202d0 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ec1750 5 bytes JMP 0000000077020310 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ec1790 5 bytes JMP 00000000770203c0 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ec17e0 5 bytes JMP 00000000770203f0 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ec1940 5 bytes JMP 0000000077020230 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ec1b00 5 bytes JMP 0000000077020480 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ec1b30 5 bytes JMP 00000000770203a0 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ec1c10 5 bytes JMP 00000000770202f0 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ec1c20 5 bytes JMP 0000000077020350 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ec1c80 5 bytes JMP 0000000077020290 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ec1d10 5 bytes JMP 00000000770202b0 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ec1d30 5 bytes JMP 00000000770203d0 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ec1d40 5 bytes JMP 0000000077020330 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ec1db0 5 bytes JMP 0000000077020410 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ec1de0 
5 bytes JMP 0000000077020240 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ec20a0 5 bytes JMP 00000000770201e0 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ec2160 5 bytes JMP 0000000077020250 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ec2190 5 bytes JMP 0000000077020490 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ec21a0 5 bytes JMP 00000000770204a0 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ec21d0 5 bytes JMP 0000000077020300 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ec21e0 5 bytes JMP 0000000077020360 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ec2240 5 bytes JMP 00000000770202a0 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ec2290 5 bytes JMP 00000000770202c0 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ec22c0 5 bytes JMP 0000000077020380 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ec22d0 5 bytes JMP 0000000077020340 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ec25c0 5 bytes JMP 0000000077020440 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ec27c0 5 bytes JMP 0000000077020260 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ec27d0 5 bytes JMP 0000000077020270 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ec27e0 5 bytes JMP 0000000077020400 .text C:\Windows\system32\svchost.exe[1356] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ec29a0 5 bytes JMP 00000000770201f0 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ec29b0 5 bytes JMP 0000000077020210 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ec2a20 5 bytes JMP 0000000077020200 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ec2a80 5 bytes JMP 0000000077020420 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ec2a90 5 bytes JMP 0000000077020430 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ec2aa0 5 bytes JMP 0000000077020220 .text C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ec2b80 5 bytes JMP 0000000077020280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ec1360 5 bytes JMP 0000000077020460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ec13b0 5 bytes JMP 0000000077020450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ec1510 5 bytes JMP 0000000077020370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ec1560 5 bytes JMP 0000000077020470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ec1570 5 bytes JMP 00000000770203e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ec1620 5 bytes JMP 0000000077020320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] 
C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ec1650 5 bytes JMP 00000000770203b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ec1670 5 bytes JMP 0000000077020390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ec16b0 5 bytes JMP 00000000770202e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ec1730 5 bytes JMP 00000000770202d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ec1750 5 bytes JMP 0000000077020310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ec1790 5 bytes JMP 00000000770203c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ec17e0 5 bytes JMP 00000000770203f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ec1940 5 bytes JMP 0000000077020230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ec1b00 5 bytes JMP 0000000077020480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ec1b30 5 bytes JMP 00000000770203a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ec1c10 5 bytes JMP 00000000770202f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ec1c20 5 bytes JMP 0000000077020350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ec1c80 5 bytes JMP 0000000077020290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ec1d10 5 bytes JMP 00000000770202b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ec1d30 5 bytes JMP 00000000770203d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ec1d40 5 bytes JMP 0000000077020330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ec1db0 5 bytes JMP 0000000077020410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ec1de0 5 bytes JMP 0000000077020240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ec20a0 5 bytes JMP 00000000770201e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ec2160 5 bytes JMP 0000000077020250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ec2190 5 bytes JMP 0000000077020490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ec21a0 5 bytes JMP 00000000770204a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ec21d0 5 bytes JMP 0000000077020300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ec21e0 5 bytes JMP 0000000077020360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 
11.09.2014, 17:44 | #6 |
C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ec22c0 5 bytes JMP 0000000077020380 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ec22d0 5 bytes JMP 0000000077020340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ec25c0 5 bytes JMP 0000000077020440 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ec27c0 5 bytes JMP 0000000077020260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ec27d0 5 bytes JMP 0000000077020270 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ec27e0 5 bytes JMP 0000000077020400 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ec29a0 5 bytes JMP 00000000770201f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ec29b0 5 bytes JMP 0000000077020210 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ec2a20 5 bytes JMP 0000000077020200 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ec2a80 5 bytes JMP 0000000077020420 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ec2a90 5 bytes JMP 0000000077020430 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ec2aa0 5 bytes JMP 0000000077020220 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ec2b80 5 bytes JMP 0000000077020280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] 
C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daef8d 1 byte [62] .text C:\ProgramData\IePluginServices\PluginService.exe[1172] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000750ba2fd 1 byte [62] .text C:\ProgramData\IePluginServices\PluginService.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c71465 2 bytes [C7, 74] .text C:\ProgramData\IePluginServices\PluginService.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c714bb 2 bytes [C7, 74] .text ... * 2 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ec1360 5 bytes JMP 0000000077020460 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ec13b0 5 bytes JMP 0000000077020450 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ec1510 5 bytes JMP 0000000077020370 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ec1560 5 bytes JMP 0000000077020470 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ec1570 5 bytes JMP 00000000770203e0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ec1620 5 bytes JMP 0000000077020320 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ec1650 5 bytes JMP 00000000770203b0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ec1670 5 bytes JMP 0000000077020390 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ec16b0 5 bytes JMP 00000000770202e0 .text C:\Program 
Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ec1730 5 bytes JMP 00000000770202d0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ec1750 5 bytes JMP 0000000077020310 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ec1790 5 bytes JMP 00000000770203c0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ec17e0 5 bytes JMP 00000000770203f0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ec1940 5 bytes JMP 0000000077020230 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ec1b00 5 bytes JMP 0000000077020480 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ec1b30 5 bytes JMP 00000000770203a0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ec1c10 5 bytes JMP 00000000770202f0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ec1c20 5 bytes JMP 0000000077020350 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ec1c80 5 bytes JMP 0000000077020290 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ec1d10 5 bytes JMP 00000000770202b0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ec1d30 5 bytes JMP 00000000770203d0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ec1d40 5 bytes JMP 0000000077020330 
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ec1db0 5 bytes JMP 0000000077020410 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ec1de0 5 bytes JMP 0000000077020240 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ec20a0 5 bytes JMP 00000000770201e0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ec2160 5 bytes JMP 0000000077020250 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ec2190 5 bytes JMP 0000000077020490 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ec21a0 5 bytes JMP 00000000770204a0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ec21d0 5 bytes JMP 0000000077020300 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ec21e0 5 bytes JMP 0000000077020360 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ec2240 5 bytes JMP 00000000770202a0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ec2290 5 bytes JMP 00000000770202c0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ec22c0 5 bytes JMP 0000000077020380 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ec22d0 5 bytes JMP 0000000077020340 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ec25c0 5 bytes JMP 
0000000077020440 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ec27c0 5 bytes JMP 0000000077020260 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ec27d0 5 bytes JMP 0000000077020270 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ec27e0 5 bytes JMP 0000000077020400 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ec29a0 5 bytes JMP 00000000770201f0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ec29b0 5 bytes JMP 0000000077020210 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ec2a20 5 bytes JMP 0000000077020200 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ec2a80 5 bytes JMP 0000000077020420 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ec2a90 5 bytes JMP 0000000077020430 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ec2aa0 5 bytes JMP 0000000077020220 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ec2b80 5 bytes JMP 0000000077020280 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daef8d 1 byte [62] .text C:\Program Files (x86)\SupTab\HpUI.exe[1696] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000750ba2fd 1 byte [62] .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[1552] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daef8d 1 byte 
[62] .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ec1360 5 bytes JMP 0000000077020460 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ec13b0 5 bytes JMP 0000000077020450 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ec1510 5 bytes JMP 0000000077020370 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ec1560 5 bytes JMP 0000000077020470 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ec1570 5 bytes JMP 00000000770203e0 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ec1620 5 bytes JMP 0000000077020320 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ec1650 5 bytes JMP 00000000770203b0 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ec1670 5 bytes JMP 0000000077020390 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ec16b0 5 bytes JMP 00000000770202e0 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ec1730 5 bytes JMP 00000000770202d0 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ec1750 5 bytes JMP 0000000077020310 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ec1790 5 bytes JMP 00000000770203c0 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ec17e0 5 bytes JMP 00000000770203f0 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ec1940 5 bytes JMP 0000000077020230 .text C:\Windows\System32\spoolsv.exe[2100] 
C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ec1b00 5 bytes JMP 0000000077020480 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ec1b30 5 bytes JMP 00000000770203a0 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ec1c10 5 bytes JMP 00000000770202f0 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ec1c20 5 bytes JMP 0000000077020350 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ec1c80 5 bytes JMP 0000000077020290 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ec1d10 5 bytes JMP 00000000770202b0 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ec1d30 5 bytes JMP 00000000770203d0 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ec1d40 5 bytes JMP 0000000077020330 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ec1db0 5 bytes JMP 0000000077020410 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ec1de0 5 bytes JMP 0000000077020240 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ec20a0 5 bytes JMP 00000000770201e0 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ec2160 5 bytes JMP 0000000077020250 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ec2190 5 bytes JMP 0000000077020490 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ec21a0 5 bytes JMP 00000000770204a0 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 
0000000076ec21d0 5 bytes JMP 0000000077020300 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ec21e0 5 bytes JMP 0000000077020360 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ec2240 5 bytes JMP 00000000770202a0 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ec2290 5 bytes JMP 00000000770202c0 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ec22c0 5 bytes JMP 0000000077020380 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ec22d0 5 bytes JMP 0000000077020340 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ec25c0 5 bytes JMP 0000000077020440 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ec27c0 5 bytes JMP 0000000077020260 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ec27d0 5 bytes JMP 0000000077020270 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ec27e0 5 bytes JMP 0000000077020400 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ec29a0 5 bytes JMP 00000000770201f0 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ec29b0 5 bytes JMP 0000000077020210 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ec2a20 5 bytes JMP 0000000077020200 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ec2a80 5 bytes JMP 0000000077020420 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ec2a90 5 bytes JMP 0000000077020430 .text 
C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ec2aa0 5 bytes JMP 0000000077020220 .text C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ec2b80 5 bytes JMP 0000000077020280 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ec1360 5 bytes JMP 0000000100060460 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ec13b0 5 bytes JMP 0000000100060450 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ec1510 5 bytes JMP 0000000100060370 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ec1560 5 bytes JMP 0000000100060470 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ec1570 5 bytes JMP 00000001000603e0 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ec1620 5 bytes JMP 0000000100060320 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ec1650 5 bytes JMP 00000001000603b0 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ec1670 5 bytes JMP 0000000100060390 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ec16b0 5 bytes JMP 00000001000602e0 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ec1730 5 bytes JMP 00000001000602d0 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ec1750 5 bytes JMP 0000000100060310 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ec1790 5 bytes JMP 00000001000603c0 .text C:\Windows\system32\taskhost.exe[2152] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ec17e0 5 bytes JMP 00000001000603f0 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ec1940 5 bytes JMP 0000000100060230 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ec1b00 5 bytes JMP 0000000100060480 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ec1b30 5 bytes JMP 00000001000603a0 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ec1c10 5 bytes JMP 00000001000602f0 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ec1c20 5 bytes JMP 0000000100060350 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ec1c80 5 bytes JMP 0000000100060290 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ec1d10 5 bytes JMP 00000001000602b0 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ec1d30 5 bytes JMP 00000001000603d0 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ec1d40 5 bytes JMP 0000000100060330 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ec1db0 5 bytes JMP 0000000100060410 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ec1de0 5 bytes JMP 0000000100060240 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ec20a0 5 bytes JMP 00000001000601e0 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ec2160 5 bytes JMP 0000000100060250 .text C:\Windows\system32\taskhost.exe[2152] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ec2190 5 bytes JMP 0000000100060490 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ec21a0 5 bytes JMP 00000001000604a0 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ec21d0 5 bytes JMP 0000000100060300 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ec21e0 5 bytes JMP 0000000100060360 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ec2240 5 bytes JMP 00000001000602a0 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ec2290 5 bytes JMP 00000001000602c0 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ec22c0 5 bytes JMP 0000000100060380 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ec22d0 5 bytes JMP 0000000100060340 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ec25c0 5 bytes JMP 0000000100060440 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ec27c0 5 bytes JMP 0000000100060260 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ec27d0 5 bytes JMP 0000000100060270 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ec27e0 5 bytes JMP 0000000100060400 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ec29a0 5 bytes JMP 00000001000601f0 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ec29b0 5 bytes JMP 0000000100060210 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 
0000000076ec2a20 5 bytes JMP 0000000100060200 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ec2a80 5 bytes JMP 0000000100060420 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ec2a90 5 bytes JMP 0000000100060430 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ec2aa0 5 bytes JMP 0000000100060220 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ec2b80 5 bytes JMP 0000000100060280 .text C:\Windows\system32\taskhost.exe[2152] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daef8d 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2336] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000750ba2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2364] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000750ba2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c71465 2 bytes [C7, 74] .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c714bb 2 bytes [C7, 74] .text ... 
* 2 .text C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ec1360 5 bytes JMP 0000000100070460 .text C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ec13b0 5 bytes JMP 0000000100070450 .text C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ec1510 5 bytes JMP 0000000100070370 .text C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ec1560 5 bytes JMP 0000000100070470 .text C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ec1570 5 bytes JMP 00000001000703e0 .text C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ec1620 5 bytes JMP 0000000100070320 .text C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ec1650 5 bytes JMP 00000001000703b0 .text C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ec1670 5 bytes JMP 0000000100070390 .text C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ec16b0 5 bytes JMP 00000001000702e0 .text C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ec1730 5 bytes JMP 00000001000702d0 .text C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ec1750 5 bytes JMP 0000000100070310 .text C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ec1790 5 bytes JMP 00000001000703c0 .text C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ec17e0 5 bytes JMP 00000001000703f0 .text C:\Program Files (x86)\SupTab\Loader64.exe[2396] 
|
11.09.2014, 17:45 | #7 |
| Win7, picked up Search Protect + istasurf
Code:
ATTFilter .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ec1db0 5 bytes JMP 0000000077020410 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ec1de0 5 bytes JMP 0000000077020240 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ec20a0 5 bytes JMP 00000000770201e0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ec2160 5 bytes JMP 0000000077020250 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ec2190 5 bytes JMP 0000000077020490 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ec21a0 5 bytes JMP 00000000770204a0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ec21d0 5 bytes JMP 0000000077020300 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ec21e0 5 bytes JMP 0000000077020360 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ec2240 5 bytes JMP 00000000770202a0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ec2290 5 bytes JMP 00000000770202c0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ec22c0 5 bytes JMP 0000000077020380 .text 
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ec22d0 5 bytes JMP 0000000077020340 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ec25c0 5 bytes JMP 0000000077020440 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ec27c0 5 bytes JMP 0000000077020260 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ec27d0 5 bytes JMP 0000000077020270 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ec27e0 5 bytes JMP 0000000077020400 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ec29a0 5 bytes JMP 00000000770201f0 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ec29b0 5 bytes JMP 0000000077020210 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ec2a20 5 bytes JMP 0000000077020200 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ec2a80 5 bytes JMP 0000000077020420 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ec2a90 5 bytes JMP 0000000077020430 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ec2aa0 5 bytes JMP 0000000077020220 .text C:\Program 
Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ec2b80 5 bytes JMP 0000000077020280 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ec1360 5 bytes JMP 0000000077020460 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ec13b0 5 bytes JMP 0000000077020450 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ec1510 5 bytes JMP 0000000077020370 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ec1560 5 bytes JMP 0000000077020470 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ec1570 5 bytes JMP 00000000770203e0 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ec1620 5 bytes JMP 0000000077020320 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ec1650 5 bytes JMP 00000000770203b0 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ec1670 5 bytes JMP 0000000077020390 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ec16b0 5 bytes JMP 00000000770202e0 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ec1730 5 bytes JMP 00000000770202d0 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ec1750 5 bytes JMP 0000000077020310 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ec1790 5 bytes JMP 00000000770203c0 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ec17e0 5 bytes JMP 00000000770203f0 .text C:\Windows\system32\EscSvc64.exe[2852] 
C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ec1940 5 bytes JMP 0000000077020230 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ec1b00 5 bytes JMP 0000000077020480 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ec1b30 5 bytes JMP 00000000770203a0 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ec1c10 5 bytes JMP 00000000770202f0 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ec1c20 5 bytes JMP 0000000077020350 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ec1c80 5 bytes JMP 0000000077020290 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ec1d10 5 bytes JMP 00000000770202b0 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ec1d30 5 bytes JMP 00000000770203d0 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ec1d40 5 bytes JMP 0000000077020330 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ec1db0 5 bytes JMP 0000000077020410 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ec1de0 5 bytes JMP 0000000077020240 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ec20a0 5 bytes JMP 00000000770201e0 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ec2160 5 bytes JMP 0000000077020250 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ec2190 5 bytes JMP 0000000077020490 .text C:\Windows\system32\EscSvc64.exe[2852] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ec21a0 5 bytes JMP 00000000770204a0 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ec21d0 5 bytes JMP 0000000077020300 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ec21e0 5 bytes JMP 0000000077020360 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ec2240 5 bytes JMP 00000000770202a0 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ec2290 5 bytes JMP 00000000770202c0 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ec22c0 5 bytes JMP 0000000077020380 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ec22d0 5 bytes JMP 0000000077020340 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ec25c0 5 bytes JMP 0000000077020440 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ec27c0 5 bytes JMP 0000000077020260 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ec27d0 5 bytes JMP 0000000077020270 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ec27e0 5 bytes JMP 0000000077020400 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ec29a0 5 bytes JMP 00000000770201f0 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ec29b0 5 bytes JMP 0000000077020210 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ec2a20 5 bytes JMP 0000000077020200 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 
0000000076ec2a80 5 bytes JMP 0000000077020420 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ec2a90 5 bytes JMP 0000000077020430 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ec2aa0 5 bytes JMP 0000000077020220 .text C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ec2b80 5 bytes JMP 0000000077020280 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ec1360 5 bytes JMP 0000000077020460 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ec13b0 5 bytes JMP 0000000077020450 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ec1510 5 bytes JMP 0000000077020370 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ec1560 5 bytes JMP 0000000077020470 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ec1570 5 bytes JMP 00000000770203e0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ec1620 5 bytes JMP 0000000077020320 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ec1650 5 bytes JMP 00000000770203b0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ec1670 5 bytes JMP 0000000077020390 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ec16b0 5 bytes JMP 00000000770202e0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 
0000000076ec1730 5 bytes JMP 00000000770202d0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ec1750 5 bytes JMP 0000000077020310 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ec1790 5 bytes JMP 00000000770203c0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ec17e0 5 bytes JMP 00000000770203f0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ec1940 5 bytes JMP 0000000077020230 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ec1b00 5 bytes JMP 0000000077020480 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ec1b30 5 bytes JMP 00000000770203a0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ec1c10 5 bytes JMP 00000000770202f0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ec1c20 5 bytes JMP 0000000077020350 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ec1c80 5 bytes JMP 0000000077020290 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ec1d10 5 bytes JMP 00000000770202b0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ec1d30 5 bytes JMP 00000000770203d0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ec1d40 5 bytes JMP 0000000077020330 .text C:\Program Files\Logitech Gaming 
Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ec1db0 5 bytes JMP 0000000077020410 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ec1de0 5 bytes JMP 0000000077020240 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ec20a0 5 bytes JMP 00000000770201e0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ec2160 5 bytes JMP 0000000077020250 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ec2190 5 bytes JMP 0000000077020490 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ec21a0 5 bytes JMP 00000000770204a0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ec21d0 5 bytes JMP 0000000077020300 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ec21e0 5 bytes JMP 0000000077020360 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ec2240 5 bytes JMP 00000000770202a0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ec2290 5 bytes JMP 00000000770202c0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ec22c0 5 bytes JMP 0000000077020380 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ec22d0 5 bytes JMP 0000000077020340 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ec25c0 5 bytes JMP 
0000000077020440 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ec27c0 5 bytes JMP 0000000077020260 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ec27d0 5 bytes JMP 0000000077020270 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ec27e0 5 bytes JMP 0000000077020400 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ec29a0 5 bytes JMP 00000000770201f0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ec29b0 5 bytes JMP 0000000077020210 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ec2a20 5 bytes JMP 0000000077020200 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ec2a80 5 bytes JMP 0000000077020420 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ec2a90 5 bytes JMP 0000000077020430 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ec2aa0 5 bytes JMP 0000000077020220 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ec2b80 5 bytes JMP 0000000077020280 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daef8d 1 byte [62] .text D:\Programme\VirtualCloneDrive\VCDDaemon.exe[3456] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000750ba2fd 1 byte [62] .text D:\Programme\Avast\avastui.exe[3484] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 
0000000075098791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text D:\Programme\Avast\avastui.exe[3484] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000750ba2fd 1 byte [62] .text D:\Programme\Avast\avastui.exe[3484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c71465 2 bytes [C7, 74] .text D:\Programme\Avast\avastui.exe[3484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c714bb 2 bytes [C7, 74] .text ... * 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3500] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000750ba2fd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ec1360 5 bytes JMP 0000000077020460 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ec13b0 5 bytes JMP 0000000077020450 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ec1510 5 bytes JMP 0000000077020370 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ec1560 5 bytes JMP 0000000077020470 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ec1570 5 bytes JMP 00000000770203e0 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ec1620 5 bytes JMP 0000000077020320 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ec1650 5 bytes JMP 00000000770203b0 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ec1670 5 bytes JMP 0000000077020390 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ec16b0 5 bytes JMP 00000000770202e0 .text C:\Windows\system32\SearchIndexer.exe[3696] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ec1730 5 bytes JMP 00000000770202d0 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ec1750 5 bytes JMP 0000000077020310 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ec1790 5 bytes JMP 00000000770203c0 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ec17e0 5 bytes JMP 00000000770203f0 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ec1940 5 bytes JMP 0000000077020230 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ec1b00 5 bytes JMP 0000000077020480 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ec1b30 5 bytes JMP 00000000770203a0 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ec1c10 5 bytes JMP 00000000770202f0 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ec1c20 5 bytes JMP 0000000077020350 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ec1c80 5 bytes JMP 0000000077020290 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ec1d10 5 bytes JMP 00000000770202b0 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ec1d30 5 bytes JMP 00000000770203d0 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ec1d40 5 bytes JMP 0000000077020330 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ec1db0 5 bytes JMP 0000000077020410 .text 
C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ec1de0 5 bytes JMP 0000000077020240 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ec20a0 5 bytes JMP 00000000770201e0 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ec2160 5 bytes JMP 0000000077020250 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ec2190 5 bytes JMP 0000000077020490 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ec21a0 5 bytes JMP 00000000770204a0 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ec21d0 5 bytes JMP 0000000077020300 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ec21e0 5 bytes JMP 0000000077020360 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ec2240 5 bytes JMP 00000000770202a0 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ec2290 5 bytes JMP 00000000770202c0 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ec22c0 5 bytes JMP 0000000077020380 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ec22d0 5 bytes JMP 0000000077020340 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ec25c0 5 bytes JMP 0000000077020440 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ec27c0 5 bytes JMP 0000000077020260 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ec27d0 5 bytes JMP 0000000077020270 
.text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ec27e0 5 bytes JMP 0000000077020400 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ec29a0 5 bytes JMP 00000000770201f0 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ec29b0 5 bytes JMP 0000000077020210 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ec2a20 5 bytes JMP 0000000077020200 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ec2a80 5 bytes JMP 0000000077020420 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ec2a90 5 bytes JMP 0000000077020430 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ec2aa0 5 bytes JMP 0000000077020220 .text C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ec2b80 5 bytes JMP 0000000077020280 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ec1360 5 bytes JMP 0000000077020460 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ec13b0 5 bytes JMP 0000000077020450 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ec1510 5 bytes JMP 0000000077020370 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ec1560 5 bytes JMP 0000000077020470 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ec1570 5 bytes JMP 00000000770203e0 
.text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ec1620 5 bytes JMP 0000000077020320 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ec1650 5 bytes JMP 00000000770203b0 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ec1670 5 bytes JMP 0000000077020390 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ec16b0 5 bytes JMP 00000000770202e0 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ec1730 5 bytes JMP 00000000770202d0 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ec1750 5 bytes JMP 0000000077020310 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ec1790 5 bytes JMP 00000000770203c0 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ec17e0 5 bytes JMP 00000000770203f0 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ec1940 5 bytes JMP 0000000077020230 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ec1b00 5 bytes JMP 0000000077020480 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ec1b30 5 bytes JMP 00000000770203a0 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ec1c10 5 bytes JMP 
00000000770202f0 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ec1c20 5 bytes JMP 0000000077020350 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ec1c80 5 bytes JMP 0000000077020290 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ec1d10 5 bytes JMP 00000000770202b0 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ec1d30 5 bytes JMP 00000000770203d0 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ec1d40 5 bytes JMP 0000000077020330 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ec1db0 5 bytes JMP 0000000077020410 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ec1de0 5 bytes JMP 0000000077020240 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ec20a0 5 bytes JMP 00000000770201e0 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ec2160 5 bytes JMP 0000000077020250 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ec2190 5 bytes JMP 0000000077020490 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ec21a0 5 bytes JMP 00000000770204a0 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ec21d0 5 bytes 
JMP 0000000077020300 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ec21e0 5 bytes JMP 0000000077020360 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ec2240 5 bytes JMP 00000000770202a0 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ec2290 5 bytes JMP 00000000770202c0 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ec22c0 5 bytes JMP 0000000077020380 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ec22d0 5 bytes JMP 0000000077020340 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ec25c0 5 bytes JMP 0000000077020440 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ec27c0 5 bytes JMP 0000000077020260 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ec27d0 5 bytes JMP 0000000077020270 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ec27e0 5 bytes JMP 0000000077020400 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ec29a0 5 bytes JMP 00000000770201f0 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ec29b0 5 bytes JMP 0000000077020210 .text C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ec2a20 5 bytes 
0000000076ec1730 5 bytes JMP 00000000770202d0 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ec1750 5 bytes JMP 0000000077020310 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ec1790 5 bytes JMP 00000000770203c0 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ec17e0 5 bytes JMP 00000000770203f0 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ec1940 5 bytes JMP 0000000077020230 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ec1b00 5 bytes JMP 0000000077020480 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ec1b30 5 bytes JMP 00000000770203a0 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ec1c10 5 bytes JMP 00000000770202f0 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ec1c20 5 bytes JMP 0000000077020350 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ec1c80 5 bytes JMP 0000000077020290 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ec1d10 5 bytes JMP 00000000770202b0 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ec1d30 5 bytes JMP 00000000770203d0 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ec1d40 5 bytes JMP 0000000077020330 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ec1db0 5 bytes JMP 0000000077020410 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ec1de0 5 bytes JMP 0000000077020240 .text 
C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ec20a0 5 bytes JMP 00000000770201e0 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ec2160 5 bytes JMP 0000000077020250 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ec2190 5 bytes JMP 0000000077020490 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ec21a0 5 bytes JMP 00000000770204a0 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ec21d0 5 bytes JMP 0000000077020300 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ec21e0 5 bytes JMP 0000000077020360 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ec2240 5 bytes JMP 00000000770202a0 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ec2290 5 bytes JMP 00000000770202c0 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ec22c0 5 bytes JMP 0000000077020380 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ec22d0 5 bytes JMP 0000000077020340 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ec25c0 5 bytes JMP 0000000077020440 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ec27c0 5 bytes JMP 0000000077020260 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ec27d0 5 bytes JMP 0000000077020270 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ec27e0 5 bytes JMP 0000000077020400 .text C:\Windows\System32\svchost.exe[2344] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ec29a0 5 bytes JMP 00000000770201f0 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ec29b0 5 bytes JMP 0000000077020210 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ec2a20 5 bytes JMP 0000000077020200 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ec2a80 5 bytes JMP 0000000077020420 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ec2a90 5 bytes JMP 0000000077020430 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ec2aa0 5 bytes JMP 0000000077020220 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ec2b80 5 bytes JMP 0000000077020280 .text C:\Windows\System32\svchost.exe[2344] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076daef8d 1 byte [62] .text C:\Users\Cronix\Desktop\Tools\Gmer-19357.exe[4948] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000750ba2fd 1 byte [62] ---- EOF - GMER 2.1 ---- |
12.09.2014, 10:55 | #8 |
/// the machine /// TB trainer | Win7, caught Search Protect + istasurf hi, scan with Combofix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
12.09.2014, 16:53 | #9 |
| Win7, caught Search Protect + istasurf Code:
ATTFilter ComboFix 14-09-12.01 - Cronix 12.09.2014 17:41:15.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2618 [GMT 2:00] ausgeführt von:: c:\users\Cronix\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\dzdo@fxhb.net c:\users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\dzdo@fxhb.net\bootstrap.js c:\users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\dzdo@fxhb.net\chrome.manifest c:\users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\dzdo@fxhb.net\content\zy.xul c:\users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\dzdo@fxhb.net\install.rdf c:\users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\rdveyy@tau.com c:\users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\rdveyy@tau.com\bootstrap.js c:\users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\rdveyy@tau.com\chrome.manifest c:\users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\rdveyy@tau.com\content\zy.xul c:\users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\rdveyy@tau.com\install.rdf . . ((((((((((((((((((((((( Dateien erstellt von 2014-08-12 bis 2014-09-12 )))))))))))))))))))))))))))))) . . 2014-09-12 15:46 . 2014-09-12 15:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2014-09-12 15:46 . 2014-09-12 15:46 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-09-12 15:43 . 
2014-09-12 15:43 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{10B79095-0DCD-4A94-83F4-DB67CB67521F}\offreg.dll 2014-09-11 15:11 . 2014-09-11 15:12 -------- d-----w- C:\FRST 2014-09-10 21:11 . 2014-09-11 01:44 -------- d-----w- c:\windows\rescache 2014-09-10 19:34 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2014-09-10 19:34 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2014-09-09 18:28 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll 2014-09-09 18:28 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll 2014-09-09 18:23 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2014-09-09 18:23 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2014-09-09 18:17 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll 2014-09-09 18:17 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-09-09 18:17 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2014-09-09 18:17 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2014-09-09 18:17 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2014-09-09 18:17 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll 2014-09-09 18:17 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll 2014-09-09 18:14 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{10B79095-0DCD-4A94-83F4-DB67CB67521F}\mpengine.dll 2014-09-06 07:03 . 2014-09-11 01:08 -------- d-----w- c:\program files (x86)\globalUpdate 2014-09-06 07:03 . 2014-09-06 07:03 -------- d-----w- c:\users\Cronix\AppData\Local\globalUpdate 2014-09-06 07:03 . 2014-09-09 17:51 -------- d-----w- c:\program files (x86)\Browsers Apps - 2014-09-06 07:01 . 2014-09-06 07:02 -------- d-----w- c:\programdata\IePluginServices 2014-09-06 07:01 . 
2014-09-09 18:01 -------- d-----w- c:\programdata\WindowsMangerProtect 2014-09-06 07:01 . 2014-09-06 07:02 -------- d-----w- c:\program files (x86)\SupTab 2014-08-27 19:41 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll 2014-08-27 19:41 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2014-08-27 19:41 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys 2014-08-22 16:38 . 2014-08-22 16:38 -------- d-----w- c:\users\Cronix\AppData\Local\Amazon Music 2014-08-18 18:53 . 2014-08-18 18:53 -------- d-----w- c:\program files (x86)\Common Files\Java 2014-08-18 18:53 . 2014-08-18 18:53 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-08-14 19:35 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll 2014-08-14 19:35 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe 2014-08-14 19:35 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll 2014-08-14 19:35 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe 2014-08-14 19:35 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll 2014-08-14 19:35 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll 2014-08-14 19:35 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe 2014-08-14 19:35 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe 2014-08-14 19:32 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL 2014-08-14 19:32 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL 2014-08-14 19:32 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL 2014-08-14 19:32 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL 2014-08-14 19:32 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL 2014-08-14 19:32 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL 2014-08-14 19:32 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL 2014-08-14 19:27 . 
2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll 2014-08-14 19:27 . 2014-07-16 02:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2014-08-14 19:27 . 2014-06-03 10:02 3241984 ----a-w- c:\windows\system32\msi.dll 2014-08-14 19:27 . 2014-06-03 10:02 1941504 ----a-w- c:\windows\system32\authui.dll 2014-08-14 19:27 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\SysWow64\msi.dll 2014-08-14 19:27 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\SysWow64\authui.dll 2014-08-14 19:27 . 2014-06-03 10:02 112064 ----a-w- c:\windows\system32\consent.exe 2014-08-14 19:27 . 2014-06-03 10:02 504320 ----a-w- c:\windows\system32\msihnd.dll 2014-08-14 19:27 . 2014-06-03 09:29 337408 ----a-w- c:\windows\SysWow64\msihnd.dll 2014-08-14 19:27 . 2014-06-16 02:10 985536 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2014-08-14 19:26 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll 2014-08-14 19:24 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll 2014-08-14 19:24 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-09-10 19:35 . 2012-11-08 23:22 101694776 ----a-w- c:\windows\system32\MRT.exe 2014-08-05 07:20 . 2012-12-30 14:56 270496 ------w- c:\windows\system32\MpSigStub.exe 2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll 2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll 2014-07-09 17:00 . 2012-11-08 22:00 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-07-09 17:00 . 2012-11-08 22:00 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-07-08 11:40 . 2012-12-06 15:02 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys 2014-07-08 11:40 . 2014-04-29 15:52 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2014-07-08 11:40 . 
2014-01-09 16:02 92008 ----a-w- c:\windows\system32\drivers\aswstm.sys 2014-07-08 11:40 . 2013-04-02 16:31 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2014-07-08 11:40 . 2013-04-02 16:31 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2014-07-08 11:40 . 2012-12-06 15:02 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2014-07-08 11:40 . 2012-12-06 15:02 1041168 ----a-w- c:\windows\system32\drivers\aswsnx.sys 2014-07-08 11:40 . 2012-12-06 15:02 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2014-07-08 11:40 . 2012-12-06 15:02 307344 ----a-w- c:\windows\system32\aswBoot.exe 2014-07-08 11:40 . 2014-07-08 11:40 43152 ----a-w- c:\windows\avastSS.scr 2014-06-18 02:18 . 2014-07-18 16:32 692736 ----a-w- c:\windows\system32\osk.exe 2014-06-18 01:51 . 2014-07-18 16:32 646144 ----a-w- c:\windows\SysWow64\osk.exe 2009-09-27 07:39 369152 --sh--w- c:\windows\SysWOW64\avisynth.dll 2005-07-14 10:31 32256 --sh--w- c:\windows\SysWOW64\AVSredirect.dll 2004-02-22 08:11 719872 --sh--w- c:\windows\SysWOW64\devil.dll 2006-05-03 09:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll 2004-01-24 22:00 70656 --sh--w- c:\windows\SysWOW64\i420vfw.dll 2007-02-21 10:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll 2008-03-16 12:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll 2011-02-11 09:26 112128 --sha-r- c:\windows\SysWOW64\OptimFROG.dll 2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll 2012-10-05 17:54 188416 --sha-r- c:\windows\SysWOW64\winDCE32.dll 2004-01-24 22:00 70656 --sh--w- c:\windows\SysWOW64\yv12vfw.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] 2014-09-06 07:01 515464 ----a-w- c:\program files (x86)\SupTab\SupTab.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "VirtualCloneDrive"="d:\programme\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456] "AvastUI.exe"="d:\programme\Avast\AvastUI.exe" [2014-08-02 4085896] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe . R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 IePluginServices;IePlugin Services;c:\programdata\IePluginServices\PluginService.exe;c:\programdata\IePluginServices\PluginService.exe [x] R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x] R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x] R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x] R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x] R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x] R3 
IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x] S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x] . . 
Inhalt des "geplante Tasks" Ordners . 2014-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-08 17:00] . 2014-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1561155398-30386077-217878308-1001Core.job - c:\users\Cronix\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-02 18:15] . 2014-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1561155398-30386077-217878308-1001UA.job - c:\users\Cronix\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-02 18:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-07-08 11:40 634872 ----a-w- d:\programme\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 291944] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 2419512] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-07-24 6900024] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C mDefault_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms} mDefault_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C mStart Page = hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms} uInternet Settings,ProxyOverride = *.local LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll TCP: DhcpNameServer = 192.168.72.40 FF - ProfilePath - c:\users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\ FF - prefs.js: browser.search.defaulturl - hxxp://websearch.pu-results.info/?pid=726&r=2013/04/02&hid=258517195&lg=EN&cc=DE&l=1&q= FF - prefs.js: browser.search.selectedEngine - istartsurf FF - prefs.js: browser.startup.homepage - hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C FF - prefs.js: keyword.URL - hxxp://websearch.pu-results.info/?pid=726&r=2013/04/02&hid=258517195&lg=EN&cc=DE&l=1&q= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-{0723E272-F87E-16C9-AA14-EE337D5EDFF3} - c:\progra~4\INSTAL~1\{9870F~1\Setup.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1561155398-30386077-217878308-1001\Software\SecuROM\License information*] "datasecu"=hex:ae,dd,17,2d,c1,9f,5e,47,e6,73,0f,c1,3a,c3,7c,61,d2,22,07,dc,9c, da,8e,a5,a3,1b,dd,70,d4,c7,78,28,2d,cd,13,76,49,e2,83,7d,3f,36,bc,2b,f7,72,\ "rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-09-12 17:48:38 ComboFix-quarantined-files.txt 2014-09-12 15:48 . Vor Suchlauf: 4.795.072.512 Bytes frei Nach Suchlauf: 7.801.458.688 Bytes frei . - - End Of File - - 76F6EA7E72F8A303C8946E5600CB5EA1 A36C5E4F47E84449FF07ED3517B43A31 |
13.09.2014, 15:16 | #10 |
/// the machine /// TB trainer | Win7, caught Search Protect + istasurf Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
13.09.2014, 16:04 | #11 |
| Win7, caught Search Protect + istasurf Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 13.09.2014 Suchlauf-Zeit: 16:41:49 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.09.13.02 Rootkit Datenbank: v2014.09.12.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Cronix Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 353698 Verstrichene Zeit: 7 Min, 0 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 4 PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, 1820, Löschen bei Neustart, [72b4e9044734c96de8140461a55c04fc] PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\HpUI.exe, 1872, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808] PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader32.exe, 2056, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808] PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader64.exe, 1700, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808] Module: 15 PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, 
[180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], Registrierungsschlüssel: 29 PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices, In Quarantäne, [72b4e9044734c96de8140461a55c04fc], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [66c09d50aad12a0c5852a7e020e20ff1], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [66c09d50aad12a0c5852a7e020e20ff1], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], PUP.Optional.SoftwareUpdater, 
HKLM\SOFTWARE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd.1, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd.1, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}, In Quarantäne, [3de907e68af1a1956b2ee5d70cf60af6], PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{DF84E609-C3A4-49CB-A160-61767DAF8899}, In Quarantäne, [3de907e68af1a1956b2ee5d70cf60af6], PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [43e3ba337a01fb3b225ba2b063a19a66], PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware, In Quarantäne, [3aecb7361368a492eb89ac5634cf966a], PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [a185836ab7c42313678beb7b09fb25db], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, In Quarantäne, [c363ca23532840f6258ca15f798a768a], PUP.Optional.Qone8, 
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [ad799657c0bbf14594e9282a966e27d9], PUP.Optional.FastSearchings, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, In Quarantäne, [ce5848a5d3a8b680c9db640439cb2bd5], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP, In Quarantäne, [7bab36b73c3f9c9a3a43a65aa55ef10f], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [fb2b3db0b4c7a492634d9b65eb188977], PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\RegClean Pro, In Quarantäne, [11157776324973c38e4e9179aa5932ce], PUP.Optional.BrowsersApp.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Browsers Apps -, In Quarantäne, [ee38ae3f3d3edf57a0a8788d33d033cd], PUP.Optional.WebSearches.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, In Quarantäne, [d353a04d4734ef473f2f1ce657ac39c7], PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, In Quarantäne, [0a1c8667007b8ea8c92731cab05206fa], PUP.Optional.Qone8, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [9c8a18d54833c57133499ab85fa5f709], PUP.Optional.WebSearchInfo, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, In Quarantäne, [1412e5087209c86efd0c173ec63ef60a], PUP.Optional.FastStart.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [96909b52007bf0467e235ba2a45e0000], 
Registrierungswerte: 4
PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com, In Quarantäne, [c660668787f4c571ff0b8bdb42c249b7]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP|dir, C:\Program Files (x86)\SupTab, In Quarantäne, [7bab36b73c3f9c9a3a43a65aa55ef10f]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, tugs, In Quarantäne, [fb2b3db0b4c7a492634d9b65eb188977]
PUP.Optional.FastStart.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, In Quarantäne, [96909b52007bf0467e235ba2a45e0000]

Registrierungsdaten: 9
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, D:\Programme\Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (firefox.exe), Schlecht: (D:\Programme\Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[d155f9f4cead6fc72c0db43d9b6931cf]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[32f449a46a11db5b56dcca2735cf13ed]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[161040ade992f73fc4876e8e996b966a]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, D:\Programme\Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (firefox.exe), Schlecht: (D:\Programme\Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[32f4d71614675fd7ab8e10e12ed60df3]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms}),Ersetzt,[05217f6e69123cfa052bb73a758f37c9]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[0a1c24c99ddec86e5dd11fd240c4e51b]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[cc5ae805e992ee488da51ed321e322de]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[a08624c9daa11f177ccf5aa236cefa06]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (www.google.com), Schlecht: 
(hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[ac7aeb025229211580b3e60baa5a20e0] Ordner: 66 PUP.Optional.SoftwareUpdater.A, C:\Users\Cronix\AppData\Local\SwvUpdater, In Quarantäne, [70b62ac33b405dd99b1f18f0df2446ba], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, Löschen bei Neustart, [dc4a2fbe344700367c38a0450bf711ef], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, In Quarantäne, [dc4a2fbe344700367c38a0450bf711ef], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\lib, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, 
C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\pack, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\en, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\en-US, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\es, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\es-419, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA, In Quarantäne, 
[ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\it, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\it-CH, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\pl, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\ru, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\tr, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, 
C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\vi, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\defaults, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\defaults\preferences, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, In Quarantäne, [ad799b52c6b51e182afa1eca9d65eb15], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log, In Quarantäne, [ad799b52c6b51e182afa1eca9d65eb15], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [ad799b52c6b51e182afa1eca9d65eb15], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image, 
In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.BrowsersApp.A, C:\Program Files (x86)\Browsers Apps -, In Quarantäne, [78ae9c51156639fd971c737c20e215eb], Dateien: 141 PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, Löschen bei Neustart, [72b4e9044734c96de8140461a55c04fc], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, In Quarantäne, [66c09d50aad12a0c5852a7e020e20ff1], PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, In Quarantäne, [1d095994d9a22b0b1a5ab2e340c1b44c], PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, In Quarantäne, [4bdbc4291269082e6b09a7ee847d7090], PUP.Optional.IEPluginService.A, C:\Program Files (x86)\SupTab\RSHP.exe, In Quarantäne, [82a431bcc7b4e056e4bd0177758c3cc4], PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, In Quarantäne, [35f1f3fa6516f24471036134e21fa957], PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, In Quarantäne, [64c26d805c1f58de650f5342a1607c84], PUP.Optional.IePluginService.A, C:\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe, In Quarantäne, 
[cc5a09e4ccafa88ede1ea3c2d9284bb5], PUP.Optional.InstallCore, C:\Users\Cronix\Downloads\updatestardriverslb_DE.exe, In Quarantäne, [71b529c4d6a5999dd6ed9645d62e04fc], PUP.Optional.SoftwareUpdater.A, C:\Users\Cronix\AppData\Local\SwvUpdater\Updater.xml, In Quarantäne, [70b62ac33b405dd99b1f18f0df2446ba], PUP.Optional.SoftwareUpdater.A, C:\Users\Cronix\AppData\Local\SwvUpdater\status.cfg, In Quarantäne, [70b62ac33b405dd99b1f18f0df2446ba], PUP.Optional.SelectNGo.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, Löschen bei Neustart, [6abc925b5724dc5a2b16cf4690735da3], PUP.Optional.SelectNGo.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal, Löschen bei Neustart, [e541effef18a9c9a58e9cb4aa55e4db3], PUP.Optional.LiveLyrics.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage, In Quarantäne, [31f589646a1169cd118091859d66f60a], PUP.Optional.LiveLyrics.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal, In Quarantäne, [83a3a944631879bdf69ba76fe221867a], PUP.Optional.Superfish.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Löschen bei Neustart, [d94d38b50e6dac8afa9af8200cf7ff01], PUP.Optional.Superfish.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, In Quarantäne, [35f1a24b0774ca6ccdc7b662976cca36], PUP.Optional.WebSearch.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\searchplugins\WebSearch.xml, In Quarantäne, [ae7800ed9cdf3ff708ab7da94bb86b95], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, In Quarantäne, 
[dc4a2fbe344700367c38a0450bf711ef], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome.manifest, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\install.rdf, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\index.html, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\quick_start.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\speed_dial.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools\about_blank_hook.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools\misc.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools\popup_image_helper.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools\urlrequestor.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\js.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\lib\doT.min.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module\hotSearch.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module\mostgrid.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module\search.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module\stat.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\pack\common.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\pack\ga.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\pack\xagainit.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\en\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\en-US\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\es\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\es-419\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\it\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\it-CH\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\pl\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\ru\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\tr\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\vi\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\default_logo.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\googlelogo.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\google_trends.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\icon.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\loading.gif, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, 
C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\logo.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\newtab.ico, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\simple.css, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\style.css, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\defaults\preferences\fvd.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\defaults\preferences\preferences.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\addonmanager.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\aes.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\config.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, 
C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\dialogs.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\last_tab.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\misc.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\properties.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\remoterequest.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\restoreprefs.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\settings.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-09-06[09-01-40-352].log, In Quarantäne, [ad799b52c6b51e182afa1eca9d65eb15], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\HpUI.exe, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader32.exe, 
Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader64.exe, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\bk_shadow.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\btn.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\close.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml.bak, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_box.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_check.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_bk.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_check.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files 
(x86)\SupTab\web\data.html, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files 
(x86)\SupTab\web\js\library.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit-ie8.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit2.0.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.BrowsersApp.A, C:\Program Files (x86)\Browsers Apps -\Uninstall.exe, In Quarantäne, [78ae9c51156639fd971c737c20e215eb], PUP.Optional.IStartSurf.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C");), Ersetzt,[32f4727b3f3c033383532b02a2636f91] PUP.Optional.IStartSurf.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www.istartsurf.com/newtab/?type=nt&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C");), Ersetzt,[0f172cc14f2c7fb743942a039c69669a] Physische Sektoren: 0 (No malicious items detected) (end) Code:
# AdwCleaner v3.310 - Bericht erstellt am 13/09/2014 um 16:59:17
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Cronix - REAVOR
# Gestartet von : C:\Users\Cronix\Downloads\adwcleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\adawaretb
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Users\Cronix\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Cronix\AppData\LocalLow\adawaretb
Ordner Gelöscht : C:\Users\Cronix\AppData\Roaming\Betcat
Ordner Gelöscht : C:\Users\Cronix\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\adawaretb
Datei Gelöscht : C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
Datei Gelöscht : C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\adawaretb
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\SP Global
Schlüssel Gelöscht : HKLM\SOFTWARE\SProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v16.0.2 (de)

[ Datei : C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "istartsurf");
Zeile gelöscht : user_pref("browser.search.defaultenginename,S", "WebSearch");
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://websearch.pu-results.info/?pid=726&r=2013/04/02&hid=258517195&lg=EN&cc=DE&l=1&q=");
Zeile gelöscht : user_pref("browser.search.order.1", "WebSearch");
Zeile gelöscht : user_pref("browser.search.order.1,S", "WebSearch");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "istartsurf");
Zeile gelöscht : user_pref("browser.search.selectedEngine,S", "WebSearch");
Zeile gelöscht : user_pref("extensions.515b0ac07507c.scode", "objec2string=function(b){return\"{\"+function(b){var e=[],c,f;for(f in b)b.hasOwnProperty(f)&&(c=b[f],e[e.length]=c&&\"object\"==typeof c?f+\":{ \"+argumen[...]
Zeile gelöscht : user_pref("keyword.URL", "hxxp://websearch.pu-results.info/?pid=726&r=2013/04/02&hid=258517195&lg=EN&cc=DE&l=1&q=");

-\\ Google Chrome v

[ Datei : C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5099 octets] - [13/09/2014 16:56:25]
AdwCleaner[S0].txt - [4752 octets] - [13/09/2014 16:59:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4812 octets] ##########

Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 13.09.2014 Suchlauf-Zeit: 16:41:49 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.09.13.02 Rootkit Datenbank: v2014.09.12.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Cronix Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 353698 Verstrichene Zeit: 7 Min, 0 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 4 PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, 1820, Löschen bei Neustart, [72b4e9044734c96de8140461a55c04fc] PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\HpUI.exe, 1872, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808] PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader32.exe, 2056, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808] PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader64.exe, 1700, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808] Module: 15 PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, 
[180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], Registrierungsschlüssel: 29 PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices, In Quarantäne, [72b4e9044734c96de8140461a55c04fc], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [66c09d50aad12a0c5852a7e020e20ff1], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [66c09d50aad12a0c5852a7e020e20ff1], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], PUP.Optional.SoftwareUpdater, 
HKLM\SOFTWARE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd.1, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd.1, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}, In Quarantäne, [3de907e68af1a1956b2ee5d70cf60af6], PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{DF84E609-C3A4-49CB-A160-61767DAF8899}, In Quarantäne, [3de907e68af1a1956b2ee5d70cf60af6], PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [43e3ba337a01fb3b225ba2b063a19a66], PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware, In Quarantäne, [3aecb7361368a492eb89ac5634cf966a], PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [a185836ab7c42313678beb7b09fb25db], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, In Quarantäne, [c363ca23532840f6258ca15f798a768a], PUP.Optional.Qone8, 
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [ad799657c0bbf14594e9282a966e27d9], PUP.Optional.FastSearchings, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, In Quarantäne, [ce5848a5d3a8b680c9db640439cb2bd5], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP, In Quarantäne, [7bab36b73c3f9c9a3a43a65aa55ef10f], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [fb2b3db0b4c7a492634d9b65eb188977], PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\RegClean Pro, In Quarantäne, [11157776324973c38e4e9179aa5932ce], PUP.Optional.BrowsersApp.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Browsers Apps -, In Quarantäne, [ee38ae3f3d3edf57a0a8788d33d033cd], PUP.Optional.WebSearches.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, In Quarantäne, [d353a04d4734ef473f2f1ce657ac39c7], PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, In Quarantäne, [0a1c8667007b8ea8c92731cab05206fa], PUP.Optional.Qone8, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [9c8a18d54833c57133499ab85fa5f709], PUP.Optional.WebSearchInfo, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, In Quarantäne, [1412e5087209c86efd0c173ec63ef60a], PUP.Optional.FastStart.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [96909b52007bf0467e235ba2a45e0000], 
Registrierungswerte: 4 PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com, In Quarantäne, [c660668787f4c571ff0b8bdb42c249b7] PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP|dir, C:\Program Files (x86)\SupTab, In Quarantäne, [7bab36b73c3f9c9a3a43a65aa55ef10f] PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, tugs, In Quarantäne, [fb2b3db0b4c7a492634d9b65eb188977] PUP.Optional.FastStart.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, In Quarantäne, [96909b52007bf0467e235ba2a45e0000] Registrierungsdaten: 9 PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, D:\Programme\Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (firefox.exe), Schlecht: (D:\Programme\Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[d155f9f4cead6fc72c0db43d9b6931cf] PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[32f449a46a11db5b56dcca2735cf13ed] PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[161040ade992f73fc4876e8e996b966a] PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, D:\Programme\Firefox\firefox.exe 
hxxp://www.istartsurf.com/?type=sc&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (firefox.exe), Schlecht: (D:\Programme\Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[32f4d71614675fd7ab8e10e12ed60df3] PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms}),Ersetzt,[05217f6e69123cfa052bb73a758f37c9] PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[0a1c24c99ddec86e5dd11fd240c4e51b] PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[cc5ae805e992ee488da51ed321e322de] PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[a08624c9daa11f177ccf5aa236cefa06] PUP.Optional.IStartSurf.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (www.google.com), Schlecht: 
(hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[ac7aeb025229211580b3e60baa5a20e0] Ordner: 66 PUP.Optional.SoftwareUpdater.A, C:\Users\Cronix\AppData\Local\SwvUpdater, In Quarantäne, [70b62ac33b405dd99b1f18f0df2446ba], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, Löschen bei Neustart, [dc4a2fbe344700367c38a0450bf711ef], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, In Quarantäne, [dc4a2fbe344700367c38a0450bf711ef], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\lib, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, 
C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\pack, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\en, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\en-US, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\es, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\es-419, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA, In Quarantäne, 
[ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\it, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\it-CH, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\pl, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\ru, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\tr, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, 
C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\vi, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\defaults, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\defaults\preferences, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, In Quarantäne, [ad799b52c6b51e182afa1eca9d65eb15], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log, In Quarantäne, [ad799b52c6b51e182afa1eca9d65eb15], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [ad799b52c6b51e182afa1eca9d65eb15], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image, 
In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.BrowsersApp.A, C:\Program Files (x86)\Browsers Apps -, In Quarantäne, [78ae9c51156639fd971c737c20e215eb], Dateien: 141 PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, Löschen bei Neustart, [72b4e9044734c96de8140461a55c04fc], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, In Quarantäne, [66c09d50aad12a0c5852a7e020e20ff1], PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, In Quarantäne, [1d095994d9a22b0b1a5ab2e340c1b44c], PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, In Quarantäne, [4bdbc4291269082e6b09a7ee847d7090], PUP.Optional.IEPluginService.A, C:\Program Files (x86)\SupTab\RSHP.exe, In Quarantäne, [82a431bcc7b4e056e4bd0177758c3cc4], PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, In Quarantäne, [35f1f3fa6516f24471036134e21fa957], PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, In Quarantäne, [64c26d805c1f58de650f5342a1607c84], PUP.Optional.IePluginService.A, C:\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe, In Quarantäne, 
[cc5a09e4ccafa88ede1ea3c2d9284bb5], PUP.Optional.InstallCore, C:\Users\Cronix\Downloads\updatestardriverslb_DE.exe, In Quarantäne, [71b529c4d6a5999dd6ed9645d62e04fc], PUP.Optional.SoftwareUpdater.A, C:\Users\Cronix\AppData\Local\SwvUpdater\Updater.xml, In Quarantäne, [70b62ac33b405dd99b1f18f0df2446ba], PUP.Optional.SoftwareUpdater.A, C:\Users\Cronix\AppData\Local\SwvUpdater\status.cfg, In Quarantäne, [70b62ac33b405dd99b1f18f0df2446ba], PUP.Optional.SelectNGo.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, Löschen bei Neustart, [6abc925b5724dc5a2b16cf4690735da3], PUP.Optional.SelectNGo.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal, Löschen bei Neustart, [e541effef18a9c9a58e9cb4aa55e4db3], PUP.Optional.LiveLyrics.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage, In Quarantäne, [31f589646a1169cd118091859d66f60a], PUP.Optional.LiveLyrics.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal, In Quarantäne, [83a3a944631879bdf69ba76fe221867a], PUP.Optional.Superfish.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Löschen bei Neustart, [d94d38b50e6dac8afa9af8200cf7ff01], PUP.Optional.Superfish.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, In Quarantäne, [35f1a24b0774ca6ccdc7b662976cca36], PUP.Optional.WebSearch.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\searchplugins\WebSearch.xml, In Quarantäne, [ae7800ed9cdf3ff708ab7da94bb86b95], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, In Quarantäne, 
[dc4a2fbe344700367c38a0450bf711ef], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome.manifest, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\install.rdf, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\index.html, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\quick_start.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\speed_dial.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools\about_blank_hook.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools\misc.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools\popup_image_helper.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools\urlrequestor.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\js.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\lib\doT.min.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module\hotSearch.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module\mostgrid.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module\search.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module\stat.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\pack\common.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\pack\ga.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\pack\xagainit.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\en\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\en-US\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\es\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\es-419\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\it\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\it-CH\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\pl\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\ru\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\tr\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\vi\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\default_logo.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\googlelogo.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\google_trends.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\icon.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\loading.gif, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, 
C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\logo.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\newtab.ico, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\simple.css, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\style.css, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\defaults\preferences\fvd.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\defaults\preferences\preferences.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\addonmanager.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\aes.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\config.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, 
C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\dialogs.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\last_tab.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\misc.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\properties.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\remoterequest.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\restoreprefs.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\settings.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-09-06[09-01-40-352].log, In Quarantäne, [ad799b52c6b51e182afa1eca9d65eb15], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\HpUI.exe, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader32.exe, 
Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader64.exe, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\bk_shadow.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\btn.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\close.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml.bak, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_box.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_check.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_bk.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_check.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files 
(x86)\SupTab\web\data.html, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files 
(x86)\SupTab\web\js\library.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit-ie8.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit2.0.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.BrowsersApp.A, C:\Program Files (x86)\Browsers Apps -\Uninstall.exe, In Quarantäne, [78ae9c51156639fd971c737c20e215eb], PUP.Optional.IStartSurf.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C");), Ersetzt,[32f4727b3f3c033383532b02a2636f91] PUP.Optional.IStartSurf.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www.istartsurf.com/newtab/?type=nt&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C");), Ersetzt,[0f172cc14f2c7fb743942a039c69669a] Physische Sektoren: 0 (No malicious items detected) (end) |
13.09.2014, 16:24 | #12 |
| Win7, caught Search Protect + istasurf
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 13.09.2014 Suchlauf-Zeit: 16:41:49 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.09.13.02 Rootkit Datenbank: v2014.09.12.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Cronix Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 353698 Verstrichene Zeit: 7 Min, 0 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 4 PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, 1820, Löschen bei Neustart, [72b4e9044734c96de8140461a55c04fc] PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\HpUI.exe, 1872, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808] PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader32.exe, 2056, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808] PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader64.exe, 1700, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808] Module: 15 PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, 
[180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], Registrierungsschlüssel: 29 PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices, In Quarantäne, [72b4e9044734c96de8140461a55c04fc], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [66c09d50aad12a0c5852a7e020e20ff1], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [66c09d50aad12a0c5852a7e020e20ff1], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], PUP.Optional.SoftwareUpdater, 
HKLM\SOFTWARE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd.1, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd.1, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}, In Quarantäne, [3de907e68af1a1956b2ee5d70cf60af6], PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{DF84E609-C3A4-49CB-A160-61767DAF8899}, In Quarantäne, [3de907e68af1a1956b2ee5d70cf60af6], PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [43e3ba337a01fb3b225ba2b063a19a66], PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware, In Quarantäne, [3aecb7361368a492eb89ac5634cf966a], PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [a185836ab7c42313678beb7b09fb25db], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, In Quarantäne, [c363ca23532840f6258ca15f798a768a], PUP.Optional.Qone8, 
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [ad799657c0bbf14594e9282a966e27d9], PUP.Optional.FastSearchings, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, In Quarantäne, [ce5848a5d3a8b680c9db640439cb2bd5], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP, In Quarantäne, [7bab36b73c3f9c9a3a43a65aa55ef10f], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [fb2b3db0b4c7a492634d9b65eb188977], PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\RegClean Pro, In Quarantäne, [11157776324973c38e4e9179aa5932ce], PUP.Optional.BrowsersApp.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Browsers Apps -, In Quarantäne, [ee38ae3f3d3edf57a0a8788d33d033cd], PUP.Optional.WebSearches.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, In Quarantäne, [d353a04d4734ef473f2f1ce657ac39c7], PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, In Quarantäne, [0a1c8667007b8ea8c92731cab05206fa], PUP.Optional.Qone8, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [9c8a18d54833c57133499ab85fa5f709], PUP.Optional.WebSearchInfo, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, In Quarantäne, [1412e5087209c86efd0c173ec63ef60a], PUP.Optional.FastStart.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [96909b52007bf0467e235ba2a45e0000], 
Registrierungswerte: 4 PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com, In Quarantäne, [c660668787f4c571ff0b8bdb42c249b7] PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP|dir, C:\Program Files (x86)\SupTab, In Quarantäne, [7bab36b73c3f9c9a3a43a65aa55ef10f] PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, tugs, In Quarantäne, [fb2b3db0b4c7a492634d9b65eb188977] PUP.Optional.FastStart.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, In Quarantäne, [96909b52007bf0467e235ba2a45e0000] Registrierungsdaten: 9 PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, D:\Programme\Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (firefox.exe), Schlecht: (D:\Programme\Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[d155f9f4cead6fc72c0db43d9b6931cf] PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[32f449a46a11db5b56dcca2735cf13ed] PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[161040ade992f73fc4876e8e996b966a] PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, D:\Programme\Firefox\firefox.exe 
hxxp://www.istartsurf.com/?type=sc&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (firefox.exe), Schlecht: (D:\Programme\Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[32f4d71614675fd7ab8e10e12ed60df3] PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms}),Ersetzt,[05217f6e69123cfa052bb73a758f37c9] PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[0a1c24c99ddec86e5dd11fd240c4e51b] PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[cc5ae805e992ee488da51ed321e322de] PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[a08624c9daa11f177ccf5aa236cefa06] PUP.Optional.IStartSurf.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (www.google.com), Schlecht: 
(hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[ac7aeb025229211580b3e60baa5a20e0] Ordner: 66 PUP.Optional.SoftwareUpdater.A, C:\Users\Cronix\AppData\Local\SwvUpdater, In Quarantäne, [70b62ac33b405dd99b1f18f0df2446ba], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, Löschen bei Neustart, [dc4a2fbe344700367c38a0450bf711ef], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, In Quarantäne, [dc4a2fbe344700367c38a0450bf711ef], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\lib, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, 
C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\pack, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\en, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\en-US, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\es, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\es-419, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA, In Quarantäne, 
[ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\it, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\it-CH, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\pl, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\ru, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\tr, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, 
C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\vi, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\defaults, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\defaults\preferences, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, In Quarantäne, [ad799b52c6b51e182afa1eca9d65eb15], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log, In Quarantäne, [ad799b52c6b51e182afa1eca9d65eb15], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [ad799b52c6b51e182afa1eca9d65eb15], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image, 
In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.BrowsersApp.A, C:\Program Files (x86)\Browsers Apps -, In Quarantäne, [78ae9c51156639fd971c737c20e215eb], Dateien: 141 PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, Löschen bei Neustart, [72b4e9044734c96de8140461a55c04fc], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, In Quarantäne, [66c09d50aad12a0c5852a7e020e20ff1], PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, In Quarantäne, [1d095994d9a22b0b1a5ab2e340c1b44c], PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, In Quarantäne, [4bdbc4291269082e6b09a7ee847d7090], PUP.Optional.IEPluginService.A, C:\Program Files (x86)\SupTab\RSHP.exe, In Quarantäne, [82a431bcc7b4e056e4bd0177758c3cc4], PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, In Quarantäne, [35f1f3fa6516f24471036134e21fa957], PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, In Quarantäne, [64c26d805c1f58de650f5342a1607c84], PUP.Optional.IePluginService.A, C:\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe, In Quarantäne, 
[cc5a09e4ccafa88ede1ea3c2d9284bb5], PUP.Optional.InstallCore, C:\Users\Cronix\Downloads\updatestardriverslb_DE.exe, In Quarantäne, [71b529c4d6a5999dd6ed9645d62e04fc], PUP.Optional.SoftwareUpdater.A, C:\Users\Cronix\AppData\Local\SwvUpdater\Updater.xml, In Quarantäne, [70b62ac33b405dd99b1f18f0df2446ba], PUP.Optional.SoftwareUpdater.A, C:\Users\Cronix\AppData\Local\SwvUpdater\status.cfg, In Quarantäne, [70b62ac33b405dd99b1f18f0df2446ba], PUP.Optional.SelectNGo.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, Löschen bei Neustart, [6abc925b5724dc5a2b16cf4690735da3], PUP.Optional.SelectNGo.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal, Löschen bei Neustart, [e541effef18a9c9a58e9cb4aa55e4db3], PUP.Optional.LiveLyrics.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage, In Quarantäne, [31f589646a1169cd118091859d66f60a], PUP.Optional.LiveLyrics.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal, In Quarantäne, [83a3a944631879bdf69ba76fe221867a], PUP.Optional.Superfish.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Löschen bei Neustart, [d94d38b50e6dac8afa9af8200cf7ff01], PUP.Optional.Superfish.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, In Quarantäne, [35f1a24b0774ca6ccdc7b662976cca36], PUP.Optional.WebSearch.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\searchplugins\WebSearch.xml, In Quarantäne, [ae7800ed9cdf3ff708ab7da94bb86b95], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, In Quarantäne, 
[dc4a2fbe344700367c38a0450bf711ef], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome.manifest, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\install.rdf, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\index.html, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\quick_start.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\speed_dial.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools\about_blank_hook.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools\misc.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools\popup_image_helper.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools\urlrequestor.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\js.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\lib\doT.min.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module\hotSearch.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module\mostgrid.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module\search.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module\stat.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\pack\common.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\pack\ga.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\pack\xagainit.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\en\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\en-US\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\es\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\es-419\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\it\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\it-CH\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\pl\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\ru\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\tr\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\vi\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\default_logo.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\googlelogo.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\google_trends.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\icon.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\loading.gif, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, 
C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\logo.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\newtab.ico, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\simple.css, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\style.css, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\defaults\preferences\fvd.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\defaults\preferences\preferences.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\addonmanager.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\aes.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\config.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, 
C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\dialogs.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\last_tab.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\misc.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\properties.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\remoterequest.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\restoreprefs.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\settings.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-09-06[09-01-40-352].log, In Quarantäne, [ad799b52c6b51e182afa1eca9d65eb15], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\HpUI.exe, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader32.exe, 
Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader64.exe, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\bk_shadow.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\btn.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\close.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml.bak, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_box.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_check.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_bk.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_check.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files 
(x86)\SupTab\web\data.html, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files 
(x86)\SupTab\web\js\library.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit-ie8.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit2.0.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], PUP.Optional.BrowsersApp.A, C:\Program Files (x86)\Browsers Apps -\Uninstall.exe, In Quarantäne, [78ae9c51156639fd971c737c20e215eb], PUP.Optional.IStartSurf.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C");), Ersetzt,[32f4727b3f3c033383532b02a2636f91] PUP.Optional.IStartSurf.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www.istartsurf.com/newtab/?type=nt&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C");), Ersetzt,[0f172cc14f2c7fb743942a039c69669a] Physische Sektoren: 0 (No malicious items detected) (end) Code:
# AdwCleaner v3.310 - Bericht erstellt am 13/09/2014 um 16:59:17
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Cronix - REAVOR
# Gestartet von : C:\Users\Cronix\Downloads\adwcleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\adawaretb
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Users\Cronix\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Cronix\AppData\LocalLow\adawaretb
Ordner Gelöscht : C:\Users\Cronix\AppData\Roaming\Betcat
Ordner Gelöscht : C:\Users\Cronix\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\adawaretb
Datei Gelöscht : C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
Datei Gelöscht : C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\adawaretb
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\SP Global
Schlüssel Gelöscht : HKLM\SOFTWARE\SProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v16.0.2 (de)

[ Datei : C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "istartsurf");
Zeile gelöscht : user_pref("browser.search.defaultenginename,S", "WebSearch");
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://websearch.pu-results.info/?pid=726&r=2013/04/02&hid=258517195&lg=EN&cc=DE&l=1&q=");
Zeile gelöscht : user_pref("browser.search.order.1", "WebSearch");
Zeile gelöscht : user_pref("browser.search.order.1,S", "WebSearch");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "istartsurf");
Zeile gelöscht : user_pref("browser.search.selectedEngine,S", "WebSearch");
Zeile gelöscht : user_pref("extensions.515b0ac07507c.scode", "objec2string=function(b){return\"{\"+function(b){var e=[],c,f;for(f in b)b.hasOwnProperty(f)&&(c=b[f],e[e.length]=c&&\"object\"==typeof c?f+\":{ \"+argumen[...]
Zeile gelöscht : user_pref("keyword.URL", "hxxp://websearch.pu-results.info/?pid=726&r=2013/04/02&hid=258517195&lg=EN&cc=DE&l=1&q=");

-\\ Google Chrome v

[ Datei : C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [5099 octets] - [13/09/2014 16:56:25]
AdwCleaner[S0].txt - [4752 octets] - [13/09/2014 16:59:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4812 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Cronix on 13.09.2014 at 17:12:37,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.09.2014 at 17:15:55,16
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014 Ran by Cronix (administrator) on REAVOR on 13-09-2014 17:23:10 Running from C:\Users\Cronix\Desktop\Tools Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) D:\Programme\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe (Malwarebytes Corporation) D:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) D:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Malwarebytes Corporation) D:\Programme\ Malwarebytes Anti-Malware \mbam.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech Inc.) 
C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe (Elaborate Bytes AG) D:\Programme\VirtualCloneDrive\VCDDaemon.exe (AVAST Software) D:\Programme\Avast\avastui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Google Inc.) C:\Users\Cronix\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Cronix\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Cronix\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Cronix\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Cronix\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NVRaidService] => C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [291944 2010-04-09] (NVIDIA Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [6900024 2012-07-24] (Logitech Inc.) 
HKLM-x32\...\Run: [VirtualCloneDrive] => D:\Programme\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG) HKLM-x32\...\Run: [AvastUI.exe] => D:\Programme\Avast\AvastUI.exe [4085896 2014-08-02] (AVAST Software) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Programme\Avast\ashShA64.dll (AVAST Software) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4AF9E940FBBDCD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Programme\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Programme\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.72.40 FireFox: ======== FF ProfilePath: C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> D:\Programme\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Cronix\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Cronix\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Extension: {{EXT_NAME}} - C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\Extensions\jid1-sNL73VCI4UB0Fw@jetpack [2014-09-10] FF Extension: Lavasoft Search Plugin - C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-04-02] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-11-09] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Programme\Avast\WebRep\FF FF Extension: avast! Online Security - D:\Programme\Avast\WebRep\FF [2012-12-06] FF Extension: No Name - C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com [Not Found] FF Extension: No Name - C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\herman.thorne45@outlook.com [Not Found] FF StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR HomePage: Default -> CHR StartupUrls: Default -> "https://www.google.de/webhp?sourceid=chrome-instant&rlz=1C1GTPM_deDE530DE530&ion=1&espv=2&ie=UTF-8" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome 
Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.103\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Winamp Application Detector) - D:\Programme\Firefox\plugins\npwachk.dll (Nullsoft, Inc.) 
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () CHR Plugin: (Google Update) - C:\Users\Cronix\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll No File CHR Plugin: (VLC Web Plugin) - D:\Programme\VLC\npvlc.dll (VideoLAN) CHR Plugin: (iTunes Application Detector) - D:\Programme\iTunes\Mozilla Plugins\npitunes.dll () CHR Profile: C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-02] CHR Extension: (Google Drive) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-02] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04] CHR Extension: (YouTube) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-02] CHR Extension: (Google-Suche) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-02] CHR Extension: (Logitech SetPoint) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-04-02] CHR Extension: (Cut the Rope) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2013-04-02] CHR Extension: (Fruity Annie) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbacnfobpliffdmiickfhceamljbcnjf [2013-04-02] CHR 
Extension: (lipakennkogpodadpikgipnogamhklmk) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipakennkogpodadpikgipnogamhklmk [2014-09-10] CHR Extension: (Google Wallet) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21] CHR Extension: (Google Mail) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-02] CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-11-09] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Programme\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-08] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; D:\Programme\Avast\AvastSvc.exe [50344 2014-07-08] (AVAST Software) R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] () R2 MBAMScheduler; D:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; D:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-08] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-08] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-08] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-08] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-08] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-08] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-08] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-08] () R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-04-02] (GFI Software) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-13] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [61088 2012-03-15] (SEIKO EPSON CORPORATION) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X] S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-13 17:15 - 2014-09-13 17:15 - 00000764 _____ () C:\Users\Cronix\Desktop\JRT.txt 2014-09-13 17:08 - 2014-09-13 17:08 - 00000000 ____D () C:\Windows\ERUNT 2014-09-13 16:56 - 2014-09-13 16:59 - 00000000 ____D () C:\AdwCleaner 2014-09-13 16:56 - 2014-09-13 16:56 - 01373475 _____ () C:\Users\Cronix\Downloads\adwcleaner_3.310.exe 2014-09-13 16:40 - 2014-09-13 17:12 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-13 16:40 - 2014-09-13 16:40 - 00000731 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-13 16:40 - 2014-09-13 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-13 16:40 - 2014-09-13 16:40 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-13 16:40 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-13 16:40 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-13 16:40 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-12 21:22 - 2014-09-12 21:22 - 00000000 ____D () C:\Users\Cronix\AppData\Roaming\dvdcss 2014-09-12 17:48 - 2014-09-12 17:48 - 00018061 _____ () C:\Users\Cronix\Desktop\ComboFix.txt 2014-09-12 17:39 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-12 17:39 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-12 17:39 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-09-12 17:39 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-12 17:39 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-12 17:39 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-12 17:39 - 2000-08-31 02:00 - 
00080412 _____ () C:\Windows\grep.exe 2014-09-12 17:39 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-12 17:37 - 2014-09-12 17:48 - 00000000 ____D () C:\Qoobox 2014-09-12 17:37 - 2014-09-12 17:47 - 00000000 ____D () C:\Windows\erdnt 2014-09-12 17:33 - 2014-09-12 17:35 - 05577449 ____R (Swearware) C:\Users\Cronix\Desktop\ComboFix.exe 2014-09-11 17:30 - 2014-09-11 17:31 - 01110476 _____ () C:\Users\Cronix\Downloads\7z920.exe 2014-09-11 17:11 - 2014-09-13 17:23 - 00000000 ____D () C:\FRST 2014-09-11 16:59 - 2014-09-13 17:23 - 00000000 ____D () C:\Users\Cronix\Desktop\Tools 2014-09-11 03:00 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-11 03:00 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-11 03:00 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-11 03:00 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-11 03:00 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-11 03:00 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-11 03:00 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-11 03:00 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-11 03:00 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-11 03:00 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-11 03:00 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-11 03:00 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-11 03:00 - 2014-08-19 00:08 - 04232704 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-11 03:00 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-11 03:00 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-11 03:00 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-11 03:00 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-11 03:00 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-11 03:00 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-11 03:00 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-11 03:00 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-11 03:00 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-11 03:00 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-11 03:00 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-11 03:00 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-11 03:00 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-11 03:00 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-11 03:00 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-11 03:00 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-11 03:00 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-11 03:00 - 2014-08-18 23:39 - 
00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-11 03:00 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-11 03:00 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-11 03:00 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-11 03:00 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-11 03:00 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-11 03:00 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-11 03:00 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-11 03:00 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-11 03:00 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-11 03:00 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-11 03:00 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-11 03:00 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-11 03:00 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-11 03:00 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-11 03:00 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-11 03:00 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-11 03:00 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-11 03:00 - 2014-08-18 23:09 - 00603136 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-11 03:00 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-11 03:00 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-11 03:00 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-11 03:00 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-11 03:00 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-11 03:00 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-11 03:00 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-10 23:11 - 2014-09-11 03:44 - 00000000 ____D () C:\Windows\rescache 2014-09-10 21:34 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-10 21:34 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-09 20:28 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-09 20:28 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-09 20:25 - 2014-09-09 20:25 - 00000000 ____D () C:\Users\Cronix\Downloads\06.09.2014 Muna Party 1 2014-09-09 20:23 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-09 20:23 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-09 20:17 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-09 20:17 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-09 20:17 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) 
C:\Windows\system32\lsasrv.dll 2014-09-09 20:17 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-09 20:17 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-09 20:17 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-09 20:17 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-09-09 20:06 - 2014-09-09 20:06 - 00000000 ____D () C:\Users\Cronix\Downloads\06.09.2014 Muna Party 2 2014-09-09 19:52 - 2014-09-09 19:52 - 00003148 _____ () C:\Windows\System32\Tasks\{38F96F6E-C465-43B4-9558-C378A02AFAFE} 2014-09-06 09:01 - 2014-09-06 09:01 - 00000000 ____D () C:\Users\Cronix\Documents\My Cheat Tables 2014-08-27 21:41 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-27 21:41 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-27 21:41 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-22 18:38 - 2014-08-22 18:38 - 00001123 _____ () C:\Users\Cronix\Desktop\Amazon Music.lnk 2014-08-20 21:56 - 2014-08-20 21:56 - 00004728 _____ () C:\Users\Cronix\Desktop\Flitze Feuerzahn.m3u 2014-08-18 20:53 - 2014-08-18 20:53 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-08-18 20:53 - 2014-08-18 20:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-08-18 20:53 - 2014-08-18 20:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-08-18 20:53 - 2014-08-18 20:53 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-08-18 20:53 - 2014-08-18 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-14 21:35 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-14 21:35 - 
2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-08-14 21:35 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-08-14 21:35 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-14 21:35 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-14 21:35 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-14 21:35 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-08-14 21:35 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-08-14 21:32 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-08-14 21:32 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-08-14 21:32 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-08-14 21:32 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-08-14 21:32 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-08-14 21:32 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-08-14 21:32 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-08-14 21:32 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-08-14 21:32 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-08-14 21:32 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-08-14 21:32 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-08-14 21:32 - 2014-07-09 00:30 - 00419992 _____ () 
C:\Windows\SysWOW64\locale.nls 2014-08-14 21:27 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-14 21:27 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-08-14 21:27 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-14 21:27 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-14 21:27 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-14 21:27 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-14 21:27 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-14 21:27 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-14 21:27 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-14 21:27 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-08-14 21:26 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-14 21:26 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-08-14 21:24 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-14 21:24 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-13 17:23 - 2014-09-11 17:11 - 00000000 ____D () C:\FRST 2014-09-13 17:23 - 2014-09-11 16:59 - 00000000 ____D () C:\Users\Cronix\Desktop\Tools 2014-09-13 17:23 - 2012-12-15 16:12 - 00000000 ____D () C:\Users\Cronix\AppData\Local\Apps\2.0 2014-09-13 17:18 - 2009-07-14 06:45 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-13 17:18 - 2009-07-14 06:45 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-13 17:15 - 2014-09-13 17:15 - 00000764 _____ () C:\Users\Cronix\Desktop\JRT.txt 2014-09-13 17:12 - 2014-09-13 16:40 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-13 17:11 - 2012-11-08 23:40 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-09-13 17:11 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-13 17:11 - 2009-07-14 06:51 - 00026431 _____ () C:\Windows\setupact.log 2014-09-13 17:10 - 2012-11-08 23:31 - 02045531 _____ () C:\Windows\WindowsUpdate.log 2014-09-13 17:08 - 2014-09-13 17:08 - 00000000 ____D () C:\Windows\ERUNT 2014-09-13 17:00 - 2012-11-08 23:43 - 00439592 _____ () C:\Windows\PFRO.log 2014-09-13 16:59 - 2014-09-13 16:56 - 00000000 ____D () C:\AdwCleaner 2014-09-13 16:59 - 2012-12-19 18:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-13 16:56 - 2014-09-13 16:56 - 01373475 _____ () C:\Users\Cronix\Downloads\adwcleaner_3.310.exe 2014-09-13 16:40 - 2014-09-13 16:40 - 00000731 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-13 16:40 - 2014-09-13 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-13 16:40 - 2014-09-13 16:40 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-13 16:29 - 2014-03-05 18:10 - 00000000 ____D () C:\Users\Cronix\AppData\Local\Battle.net 2014-09-13 16:11 - 2013-04-02 20:15 - 00001124 _____ 
() C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1561155398-30386077-217878308-1001UA.job 2014-09-13 14:17 - 2012-12-06 17:02 - 00004144 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-09-12 21:22 - 2014-09-12 21:22 - 00000000 ____D () C:\Users\Cronix\AppData\Roaming\dvdcss 2014-09-12 17:48 - 2014-09-12 17:48 - 00018061 _____ () C:\Users\Cronix\Desktop\ComboFix.txt 2014-09-12 17:48 - 2014-09-12 17:37 - 00000000 ____D () C:\Qoobox 2014-09-12 17:48 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-09-12 17:47 - 2014-09-12 17:37 - 00000000 ____D () C:\Windows\erdnt 2014-09-12 17:46 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-09-12 17:35 - 2014-09-12 17:33 - 05577449 ____R (Swearware) C:\Users\Cronix\Desktop\ComboFix.exe 2014-09-12 08:20 - 2012-11-09 17:17 - 00000000 ____D () C:\Users\Cronix\AppData\Roaming\vlc 2014-09-11 17:31 - 2014-09-11 17:30 - 01110476 _____ () C:\Users\Cronix\Downloads\7z920.exe 2014-09-11 17:11 - 2013-04-02 20:15 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1561155398-30386077-217878308-1001Core.job 2014-09-11 03:44 - 2014-09-10 23:11 - 00000000 ____D () C:\Windows\rescache 2014-09-10 21:38 - 2013-04-02 18:07 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-10 21:38 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-09-10 21:38 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-09-10 21:38 - 2009-07-14 07:13 - 01593956 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-10 21:37 - 2013-08-16 03:00 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-10 21:35 - 2012-11-09 01:22 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-10 21:34 - 2014-05-07 17:11 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-09 20:25 - 2014-09-09 20:25 - 00000000 ____D () C:\Users\Cronix\Downloads\06.09.2014 Muna Party 1 2014-09-09 20:06 - 2014-09-09 20:06 - 00000000 ____D () 
C:\Users\Cronix\Downloads\06.09.2014 Muna Party 2 2014-09-09 19:53 - 2012-11-08 23:53 - 00000720 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-09-09 19:53 - 2012-11-08 23:36 - 00001409 _____ () C:\Users\Cronix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-09-09 19:52 - 2014-09-09 19:52 - 00003148 _____ () C:\Windows\System32\Tasks\{38F96F6E-C465-43B4-9558-C378A02AFAFE} 2014-09-06 09:03 - 2012-12-14 18:34 - 00000000 ____D () C:\Program Files (x86)\Google 2014-09-06 09:01 - 2014-09-06 09:01 - 00000000 ____D () C:\Users\Cronix\Documents\My Cheat Tables 2014-09-06 09:00 - 2012-11-15 22:29 - 00000000 ____D () C:\Windows\pss 2014-09-05 04:10 - 2014-09-09 20:17 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-05 04:05 - 2014-09-09 20:17 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-28 03:16 - 2009-07-14 06:45 - 00294680 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-23 04:07 - 2014-08-27 21:41 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 03:45 - 2014-08-27 21:41 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-23 02:59 - 2014-08-27 21:41 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-22 18:38 - 2014-08-22 18:38 - 00001123 _____ () C:\Users\Cronix\Desktop\Amazon Music.lnk 2014-08-20 21:56 - 2014-08-20 21:56 - 00004728 _____ () C:\Users\Cronix\Desktop\Flitze Feuerzahn.m3u 2014-08-19 20:05 - 2014-09-11 03:00 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-19 19:39 - 2014-09-11 03:00 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-19 01:01 - 2014-09-11 03:00 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-19 00:29 - 2014-09-11 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-19 00:29 - 2014-09-11 03:00 - 
00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-19 00:26 - 2014-09-11 03:00 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-19 00:20 - 2014-09-11 03:00 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-19 00:19 - 2014-09-11 03:00 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-19 00:15 - 2014-09-11 03:00 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-19 00:15 - 2014-09-11 03:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-19 00:14 - 2014-09-11 03:00 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-19 00:14 - 2014-09-11 03:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-19 00:08 - 2014-09-11 03:00 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-19 00:08 - 2014-09-11 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-19 00:08 - 2014-09-11 03:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-19 00:05 - 2014-09-11 03:00 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-19 00:03 - 2014-09-11 03:00 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-19 00:03 - 2014-09-11 03:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-19 00:03 - 2014-09-11 03:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-18 23:57 - 2014-09-11 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-18 23:56 - 2014-09-11 03:00 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-18 23:51 - 2014-09-11 03:00 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-18 23:46 - 
2014-09-11 03:00 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-18 23:45 - 2014-09-11 03:00 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-18 23:45 - 2014-09-11 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-18 23:44 - 2014-09-11 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-08-18 23:44 - 2014-09-11 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-08-18 23:42 - 2014-09-11 03:00 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-18 23:40 - 2014-09-11 03:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-18 23:39 - 2014-09-11 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-18 23:39 - 2014-09-11 03:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-18 23:39 - 2014-09-11 03:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-18 23:38 - 2014-09-11 03:00 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-18 23:37 - 2014-09-11 03:00 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-18 23:36 - 2014-09-11 03:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-18 23:35 - 2014-09-11 03:00 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-08-18 23:27 - 2014-09-11 03:00 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-18 23:25 - 2014-09-11 03:00 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-18 23:25 - 2014-09-11 03:00 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-18 23:23 - 2014-09-11 03:00 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-18 23:23 - 
2014-09-11 03:00 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-18 23:22 - 2014-09-11 03:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-08-18 23:19 - 2014-09-11 03:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-18 23:17 - 2014-09-11 03:00 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-18 23:17 - 2014-09-11 03:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-18 23:16 - 2014-09-11 03:00 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-18 23:15 - 2014-09-11 03:00 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-18 23:15 - 2014-09-11 03:00 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-18 23:09 - 2014-09-11 03:00 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-18 23:08 - 2014-09-11 03:00 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-18 23:07 - 2014-09-11 03:00 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-08-18 22:55 - 2014-09-11 03:00 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-18 22:46 - 2014-09-11 03:00 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-18 22:38 - 2014-09-11 03:00 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-18 22:38 - 2014-09-11 03:00 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-18 22:36 - 2014-09-11 03:00 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-08-18 20:53 - 2014-08-18 20:53 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-08-18 20:53 - 2014-08-18 20:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-08-18 20:53 - 2014-08-18 20:53 - 
00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-08-18 20:53 - 2014-08-18 20:53 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-08-18 20:53 - 2014-08-18 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-18 20:48 - 2014-04-15 23:25 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-16 17:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions Some content of TEMP: ==================== C:\Users\Cronix\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-07 21:23 ==================== End Of Log ============================ --- --- ---
Sorry, but something went wrong with the previous post |
14.09.2014, 12:17 | #13 |
/// the machine /// TB instructor | Win7, caught Search Protect + istasurf
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems remaining?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
15.09.2014, 17:51 | #14 |
| Win7, caught Search Protect + istasurf
Code:
ATTFilter ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internet# product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=1e42e66e2170ee43978146ab345b5e5d # engine=20163 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-09-15 04:36:46 # local_time=2014-09-15 06:36:46 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='avast! Antivirus' # compatibility_mode=783 16777213 100 97 810649 175223096 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 35310 162428856 0 0 # scanned=265022 # found=19 # cleaned=0 # scan_time=6348 sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Cronix\Lokale Einstellungen\Temp\AskSLib.dll" sh=3DF621DDBF63ABE9E8632D73EA87FDED137D71FB ft=1 fh=1c88a728f9455b03 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Cronix\Downloads\FreeYouTubeToMP3Converter.exe" sh=C5069BF606CF37CB610D41E07AFD58D92674691C ft=0 fh=0000000000000000 vn="JS/Exploit.Agent.NFT Trojaner" ac=I fn="D:\REAVOR\Backup Set 2013-12-31 174432\Backup Files 2014-04-01 173701\Backup files 1.zip" sh=FFBB313AD439FC5E0726789F467786B47AC23156 ft=0 fh=0000000000000000 vn="Variante von Win32/InstallCore.LX evtl. 
unerwünschte Anwendung" ac=I fn="D:\REAVOR\Backup Set 2014-05-01 202745\Backup Files 2014-05-01 202745\Backup files 18.zip" sh=A07E1102125655301B3ECA92875FBCE51DAF1437 ft=0 fh=0000000000000000 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="D:\REAVOR\Backup Set 2014-05-01 202745\Backup Files 2014-06-03 195639\Backup files 3.zip" sh=E7A06E522C3573A8F338867A5131AB00F9A3CBE7 ft=1 fh=2f53c3038a6aa609 vn="Win32/Jeefo.A Virus" ac=I fn="I:\Diablo III\InspectorReporter\BlizzardError.exe" sh=7BB8B8AB194EE7EB2BDB90AD88D1567182C25EF6 ft=1 fh=eeee0d5bc9dfd9a8 vn="Win32/Jeefo.A Virus" ac=I fn="I:\Filme\Kino Filme\John Rambo\rambo\ratDVDSetup-0.78.1444.exe" sh=3037904ADA5729AECEED6E9E9FAC513CFD290E26 ft=1 fh=8a1f276ec6e73ddb vn="Win32/Jeefo.A Virus" ac=I fn="I:\Filme\neue FILME\Zuma\PopUninstall.exe" sh=A801EEBB16D5B12019C99B3B5C9DCC85048975C8 ft=1 fh=866b4ee4eef662fd vn="Win32/Jeefo.A Virus" ac=I fn="I:\Filme\neue FILME\Zuma\Zuma.exe" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Virut.NBP Virus" ac=I fn="I:\Games\Fallout 3\fallout3d\fallout3d.iso" sh=985DCB9698755D053D61EF5C9BE2A86B7C4708EE ft=1 fh=964d6d92250c1821 vn="Win32/Jeefo.A Virus" ac=I fn="I:\Games\Far Cry 2\bin\FarCry2 - Kopie.exe" sh=DCF11EB5E205F057AEFF720DCE7BCBF472EF014A ft=1 fh=205b7dfe6101c295 vn="Win32/Jeefo.A Virus" ac=I fn="I:\Games\Far Cry 2\bin\FC2BenchmarkTool.exe" sh=6BDAD9D714FC1406EA0C7ACEBC3CBDCACCA675A6 ft=1 fh=ac6a6e66780f18e3 vn="Win32/Jeefo.A Virus" ac=I fn="I:\Games\Far Cry 2\bin\FC2Editor.exe" sh=B938B4A1773BCF6145BD02219D3B1309454B4E2F ft=1 fh=991915a66d1fc953 vn="Win32/Jeefo.A Virus" ac=I fn="I:\Games\Far Cry 2\bin\FC2Launcher.exe" sh=1D198FB3457CD3E7E1D259961E305545B4B7F9AF ft=1 fh=3ca0780f07a06867 vn="Win32/Jeefo.A Virus" ac=I fn="I:\Games\Far Cry 2\bin\FC2ServerLauncher.exe" sh=7211E5654BA87710B5744B8FE593932D5564A960 ft=1 fh=e4de1b11aad2453a vn="Win32/Jeefo.A Virus" ac=I fn="I:\Games\Max Payne 2\Kopie von MaxPayne2.exe" 
sh=98DCB9108883E70E9B99761526BB7E81A757B9F7 ft=1 fh=6d259607c7a16f18 vn="Win32/Jeefo.A Virus" ac=I fn="I:\Games\Max Payne 2\MaxPayne2.exe" sh=35F158B3E70D0F49410227EDF21CD12F0C471095 ft=1 fh=167f85e4bc6dd6cd vn="Win32/Jeefo.A Virus" ac=I fn="I:\Games\Quake\q3pointrelease_132.exe" sh=E6F8EE544154C55CEBD4C7CEC1D28F07907C8F50 ft=1 fh=167f85e497588c5d vn="Win32/Jeefo.A Virus" ac=I fn="I:\Games\setups\tRoX's CS Script Pack v2.0.exe" Code:
ATTFilter
Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 67
Adobe Flash Player 15.0.0.152
Adobe Reader XI
Mozilla Firefox 16.0.2 Firefox out of Date!
Mozilla Thunderbird (17.0.)
Google Chrome 37.0.2062.103
Google Chrome 37.0.2062.120
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
Avast AvastSvc.exe
Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014 Ran by Cronix (administrator) on REAVOR on 15-09-2014 18:50:16 Running from C:\Users\Cronix\Desktop\Tools Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) D:\Programme\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe (Malwarebytes Corporation) D:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) D:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Malwarebytes Corporation) D:\Programme\ Malwarebytes Anti-Malware \mbam.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech, Inc.) 
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Elaborate Bytes AG) D:\Programme\VirtualCloneDrive\VCDDaemon.exe (AVAST Software) D:\Programme\Avast\avastui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NVRaidService] => C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [291944 2010-04-09] (NVIDIA Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [6900024 2012-07-24] (Logitech Inc.) 
HKLM-x32\...\Run: [VirtualCloneDrive] => D:\Programme\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG) HKLM-x32\...\Run: [AvastUI.exe] => D:\Programme\Avast\AvastUI.exe [4085896 2014-08-02] (AVAST Software) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Programme\Avast\ashShA64.dll (AVAST Software) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4AF9E940FBBDCD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Programme\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Programme\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.72.40 FireFox: ======== FF ProfilePath: C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> D:\Programme\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Cronix\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Cronix\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Extension: {{EXT_NAME}} - C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\Extensions\jid1-sNL73VCI4UB0Fw@jetpack [2014-09-10] FF Extension: No Name - C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-04-02] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-11-09] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Programme\Avast\WebRep\FF FF Extension: avast! Online Security - D:\Programme\Avast\WebRep\FF [2012-12-06] FF StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR HomePage: Default -> CHR StartupUrls: Default -> "https://www.google.de/webhp?sourceid=chrome-instant&rlz=1C1GTPM_deDE530DE530&ion=1&espv=2&ie=UTF-8" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.120\pdf.dll () CHR Plugin: 
(Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Winamp Application Detector) - D:\Programme\Firefox\plugins\npwachk.dll (Nullsoft, Inc.) CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () CHR Plugin: (Google Update) - C:\Users\Cronix\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll No File CHR Plugin: (VLC Web Plugin) - D:\Programme\VLC\npvlc.dll (VideoLAN) CHR Plugin: (iTunes Application Detector) - D:\Programme\iTunes\Mozilla Plugins\npitunes.dll () CHR Profile: C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-02] CHR Extension: (Google Drive) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf 
[2013-04-02] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04] CHR Extension: (YouTube) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-02] CHR Extension: (Google-Suche) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-02] CHR Extension: (Logitech SetPoint) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-04-02] CHR Extension: (Cut the Rope) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2013-04-02] CHR Extension: (Fruity Annie) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbacnfobpliffdmiickfhceamljbcnjf [2013-04-02] CHR Extension: (lipakennkogpodadpikgipnogamhklmk) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipakennkogpodadpikgipnogamhklmk [2014-09-10] CHR Extension: (Google Wallet) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21] CHR Extension: (Google Mail) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-02] CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-11-09] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Programme\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-08] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! 
Antivirus; D:\Programme\Avast\AvastSvc.exe [50344 2014-07-08] (AVAST Software) R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] () R2 MBAMScheduler; D:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; D:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-08] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-08] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-08] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-08] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-08] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-08] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-08] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-08] () R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-04-02] (GFI Software) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-15] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 
2014-05-12] (Malwarebytes Corporation) S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [61088 2012-03-15] (SEIKO EPSON CORPORATION) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X] S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-15 16:27 - 2014-09-15 16:29 - 02347384 _____ (ESET) C:\Users\Cronix\Desktop\esetsmartinstaller_deu.exe 2014-09-15 16:27 - 2014-09-15 16:28 - 00854417 _____ () C:\Users\Cronix\Desktop\SecurityCheck.exe 2014-09-13 17:08 - 2014-09-13 17:08 - 00000000 ____D () C:\Windows\ERUNT 2014-09-13 16:56 - 2014-09-13 16:59 - 00000000 ____D () C:\AdwCleaner 2014-09-13 16:56 - 2014-09-13 16:56 - 01373475 _____ () C:\Users\Cronix\Downloads\adwcleaner_3.310.exe 2014-09-13 16:40 - 2014-09-15 18:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-13 16:40 - 2014-09-13 16:40 - 00000731 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-13 16:40 - 2014-09-13 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-13 16:40 - 2014-09-13 16:40 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-13 16:40 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-13 16:40 - 2014-05-12 07:26 - 00063704 _____ 
(Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-13 16:40 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-12 21:22 - 2014-09-14 09:29 - 00000000 ____D () C:\Users\Cronix\AppData\Roaming\dvdcss 2014-09-12 17:48 - 2014-09-12 17:48 - 00018061 _____ () C:\Users\Cronix\Desktop\ComboFix.txt 2014-09-12 17:39 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-12 17:39 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-12 17:39 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-09-12 17:39 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-12 17:39 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-12 17:39 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-12 17:39 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-09-12 17:39 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-12 17:37 - 2014-09-12 17:48 - 00000000 ____D () C:\Qoobox 2014-09-12 17:37 - 2014-09-12 17:47 - 00000000 ____D () C:\Windows\erdnt 2014-09-12 17:33 - 2014-09-12 17:35 - 05577449 ____R (Swearware) C:\Users\Cronix\Desktop\ComboFix.exe 2014-09-11 17:30 - 2014-09-11 17:31 - 01110476 _____ () C:\Users\Cronix\Downloads\7z920.exe 2014-09-11 17:11 - 2014-09-15 18:50 - 00000000 ____D () C:\FRST 2014-09-11 16:59 - 2014-09-15 18:50 - 00000000 ____D () C:\Users\Cronix\Desktop\Tools 2014-09-11 03:00 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-11 03:00 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-11 03:00 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-11 03:00 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-11 03:00 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollectorres.dll 2014-09-11 03:00 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-11 03:00 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-11 03:00 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-11 03:00 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-11 03:00 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-11 03:00 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-11 03:00 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-11 03:00 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-11 03:00 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-11 03:00 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-11 03:00 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-11 03:00 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-11 03:00 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-11 03:00 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-11 03:00 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-11 03:00 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-11 03:00 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-11 03:00 - 2014-08-18 23:46 - 00454656 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-11 03:00 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-11 03:00 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-11 03:00 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-11 03:00 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-11 03:00 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-11 03:00 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-11 03:00 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-11 03:00 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-11 03:00 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-11 03:00 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-11 03:00 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-11 03:00 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-11 03:00 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-11 03:00 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-11 03:00 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-11 03:00 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-11 03:00 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-11 03:00 - 2014-08-18 23:23 - 01249280 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-11 03:00 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-11 03:00 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-11 03:00 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-11 03:00 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-11 03:00 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-11 03:00 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-11 03:00 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-11 03:00 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-11 03:00 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-11 03:00 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-11 03:00 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-11 03:00 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-11 03:00 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-11 03:00 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-11 03:00 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-10 23:11 - 2014-09-11 03:44 - 00000000 ____D () C:\Windows\rescache 2014-09-10 21:34 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-10 21:34 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-09 20:28 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-09 20:28 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-09 20:25 - 2014-09-09 20:25 - 00000000 ____D () C:\Users\Cronix\Downloads\06.09.2014 Muna Party 1 2014-09-09 20:23 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-09 20:23 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-09 20:17 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-09 20:17 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-09 20:17 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-09 20:17 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-09 20:17 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-09 20:17 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-09 20:17 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-09-09 20:06 - 2014-09-09 20:06 - 00000000 ____D () C:\Users\Cronix\Downloads\06.09.2014 Muna Party 2 2014-09-09 19:52 - 2014-09-09 19:52 - 00003148 _____ () C:\Windows\System32\Tasks\{38F96F6E-C465-43B4-9558-C378A02AFAFE} 2014-09-06 09:01 - 2014-09-06 09:01 - 00000000 ____D () C:\Users\Cronix\Documents\My Cheat Tables 2014-08-27 21:41 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-27 21:41 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-27 21:41 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 
2014-08-22 18:38 - 2014-08-22 18:38 - 00001123 _____ () C:\Users\Cronix\Desktop\Amazon Music.lnk 2014-08-20 21:56 - 2014-08-20 21:56 - 00004728 _____ () C:\Users\Cronix\Desktop\Flitze Feuerzahn.m3u 2014-08-18 20:53 - 2014-08-18 20:53 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-08-18 20:53 - 2014-08-18 20:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-08-18 20:53 - 2014-08-18 20:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-08-18 20:53 - 2014-08-18 20:53 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-08-18 20:53 - 2014-08-18 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-15 18:50 - 2014-09-11 17:11 - 00000000 ____D () C:\FRST 2014-09-15 18:50 - 2014-09-11 16:59 - 00000000 ____D () C:\Users\Cronix\Desktop\Tools 2014-09-15 18:47 - 2014-09-13 16:40 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-15 18:46 - 2012-11-08 23:43 - 00440426 _____ () C:\Windows\PFRO.log 2014-09-15 18:46 - 2012-11-08 23:40 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-09-15 18:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-15 18:46 - 2009-07-14 06:51 - 00026711 _____ () C:\Windows\setupact.log 2014-09-15 18:45 - 2012-11-08 23:31 - 01061188 _____ () C:\Windows\WindowsUpdate.log 2014-09-15 18:11 - 2013-04-02 20:15 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1561155398-30386077-217878308-1001UA.job 2014-09-15 17:59 - 2012-12-19 18:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-15 17:11 - 2013-04-02 20:15 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1561155398-30386077-217878308-1001Core.job 2014-09-15 16:29 - 2014-09-15 16:27 - 02347384 
_____ (ESET) C:\Users\Cronix\Desktop\esetsmartinstaller_deu.exe 2014-09-15 16:28 - 2014-09-15 16:27 - 00854417 _____ () C:\Users\Cronix\Desktop\SecurityCheck.exe 2014-09-15 16:26 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-09-15 16:26 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-09-15 16:26 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-15 16:21 - 2009-07-14 06:45 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-15 16:21 - 2009-07-14 06:45 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-15 08:48 - 2012-11-09 17:17 - 00000000 ____D () C:\Users\Cronix\AppData\Roaming\vlc 2014-09-14 10:00 - 2012-12-19 18:43 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-14 10:00 - 2012-11-09 00:00 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-14 10:00 - 2012-11-09 00:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-14 09:29 - 2014-09-12 21:22 - 00000000 ____D () C:\Users\Cronix\AppData\Roaming\dvdcss 2014-09-14 09:29 - 2012-12-06 17:02 - 00004144 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-09-13 17:23 - 2012-12-15 16:12 - 00000000 ____D () C:\Users\Cronix\AppData\Local\Apps\2.0 2014-09-13 17:08 - 2014-09-13 17:08 - 00000000 ____D () C:\Windows\ERUNT 2014-09-13 16:59 - 2014-09-13 16:56 - 00000000 ____D () C:\AdwCleaner 2014-09-13 16:56 - 2014-09-13 16:56 - 01373475 _____ () C:\Users\Cronix\Downloads\adwcleaner_3.310.exe 2014-09-13 16:40 - 2014-09-13 16:40 - 00000731 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-13 16:40 - 2014-09-13 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-13 16:40 - 2014-09-13 16:40 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-13 16:29 - 2014-03-05 18:10 - 00000000 ____D () C:\Users\Cronix\AppData\Local\Battle.net 2014-09-12 17:48 - 2014-09-12 17:48 - 00018061 _____ () C:\Users\Cronix\Desktop\ComboFix.txt 2014-09-12 17:48 - 2014-09-12 17:37 - 00000000 ____D () C:\Qoobox 2014-09-12 17:48 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-09-12 17:47 - 2014-09-12 17:37 - 00000000 ____D () C:\Windows\erdnt 2014-09-12 17:46 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-09-12 17:35 - 2014-09-12 17:33 - 05577449 ____R (Swearware) C:\Users\Cronix\Desktop\ComboFix.exe 2014-09-11 17:31 - 2014-09-11 17:30 - 01110476 _____ () C:\Users\Cronix\Downloads\7z920.exe 2014-09-11 03:44 - 2014-09-10 23:11 - 00000000 ____D () C:\Windows\rescache 2014-09-10 21:38 - 2013-04-02 18:07 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-10 21:37 - 2013-08-16 03:00 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-10 21:35 - 2012-11-09 01:22 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-10 21:34 - 2014-05-07 17:11 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-09 20:25 - 2014-09-09 20:25 - 00000000 ____D () C:\Users\Cronix\Downloads\06.09.2014 Muna Party 1 2014-09-09 20:06 - 2014-09-09 20:06 - 00000000 ____D () 
C:\Users\Cronix\Downloads\06.09.2014 Muna Party 2
2014-09-09 19:53 - 2012-11-08 23:53 - 00000720 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-09 19:53 - 2012-11-08 23:36 - 00001409 _____ () C:\Users\Cronix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-09 19:52 - 2014-09-09 19:52 - 00003148 _____ () C:\Windows\System32\Tasks\{38F96F6E-C465-43B4-9558-C378A02AFAFE}
2014-09-06 09:03 - 2012-12-14 18:34 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-06 09:01 - 2014-09-06 09:01 - 00000000 ____D () C:\Users\Cronix\Documents\My Cheat Tables
2014-09-06 09:00 - 2012-11-15 22:29 - 00000000 ____D () C:\Windows\pss
2014-09-05 04:10 - 2014-09-09 20:17 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-09 20:17 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-28 03:16 - 2009-07-14 06:45 - 00294680 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 04:07 - 2014-08-27 21:41 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-27 21:41 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-27 21:41 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 18:38 - 2014-08-22 18:38 - 00001123 _____ () C:\Users\Cronix\Desktop\Amazon Music.lnk
2014-08-20 21:56 - 2014-08-20 21:56 - 00004728 _____ () C:\Users\Cronix\Desktop\Flitze Feuerzahn.m3u
2014-08-19 20:05 - 2014-09-11 03:00 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-11 03:00 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 01:01 - 2014-09-11 03:00 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-11 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-11 03:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-11 03:00 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-11 03:00 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-11 03:00 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-11 03:00 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-11 03:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-11 03:00 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-11 03:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-11 03:00 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:08 - 2014-09-11 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-11 03:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:05 - 2014-09-11 03:00 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-11 03:00 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-11 03:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-11 03:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-11 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-11 03:00 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-11 03:00 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-11 03:00 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-11 03:00 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-11 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-11 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-11 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-11 03:00 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-11 03:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-11 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-11 03:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-11 03:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-11 03:00 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-11 03:00 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-11 03:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-11 03:00 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-11 03:00 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-11 03:00 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-11 03:00 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-11 03:00 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:23 - 2014-09-11 03:00 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 23:22 - 2014-09-11 03:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-11 03:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-11 03:00 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-11 03:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-11 03:00 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-11 03:00 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-11 03:00 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-11 03:00 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-11 03:00 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-11 03:00 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-11 03:00 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-11 03:00 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-11 03:00 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 22:38 - 2014-09-11 03:00 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-09-11 03:00 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-18 20:53 - 2014-08-18 20:53 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-18 20:53 - 2014-08-18 20:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-18 20:53 - 2014-08-18 20:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-18 20:53 - 2014-08-18 20:53 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-18 20:53 - 2014-08-18 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-18 20:48 - 2014-04-15 23:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-16 17:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

Some content of TEMP:
====================
C:\Users\Cronix\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-07 21:23

==================== End Of Log ============================
--- --- --- |
16.09.2014, 11:11 | #15 |
/// the machine /// TB instructor | Win7, caught Search Protect + istasurf
Delete games and backups. Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, as they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |