Firefox, doppelt unterstrichene Wörter + Werbung + automatisch geöffnete Taps

Napo33 · 07.10.2014, 11:53

Hallo,

seit gestern habe ich folgendes Problem:

auf allen Webseiten erscheinen einzelne Wörter in grün und doppelt unterstrichen, sobald man mit der Maus darüber fährt öffnen sich kleine Taps mit Werbung. Desweiteren wird jede Webseite mit Werbebannern überzogen und es öffnen sich automatisch neue Taps in denen man aufgefordert wird bei Programmen Updates zu machen. Zudem hat sich das Verenprogramm YAC auf meinen Laptop geschlichen, welches mir nicht möglich ist zu löschen.

Avast hab ich öfters meinen Laptop scanen lassen aber ohne Erfolg.

Da ich ein reiner User bin hoffe ich, das mir hier jemand helfen kann.

Anbei die wie in der Anleitung beschriebenen und gewünschten Textdateien.

Danke

schrauber · 07.10.2014, 12:06

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Napo33 · 07.10.2014, 12:28

Hi,
okay sorry.

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:01 on 07/10/2014 (Arne)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Arne (administrator) on ARNE-PC on 07-10-2014 11:55:08
Running from C:\Users\Arne\Desktop
Loaded Profiles: Arne & UpdatusUser (Available profiles: Arne & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Zoomify Agent) C:\ProgramData\zoomify2\1.1.0.25\wzoomifyd.exe
(Zoomify Agent) C:\ProgramData\zoomify2\1.1.0.25\zoomify.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Zoomify Agent) C:\ProgramData\zoomify2\1.1.0.25\zoomifyD32.exe
(Zoomify Agent) C:\ProgramData\zoomify2\1.1.0.25\zoomifyL64.exe
(Zoomify Agent) C:\ProgramData\zoomify2\1.1.0.25\zoomifyL32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-06] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-856369245-1405169768-1277596959-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2A55E714350ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396386759&from=tugs&uid=HitachiXHTS545050B9A300_090218PB4400Q7G4UMDAX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396386759&from=tugs&uid=HitachiXHTS545050B9A300_090218PB4400Q7G4UMDAX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = hxxp://www.default-search.net/search?sid=498&aid=159&itype=n&ver=13892&tm=483&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 217.0.43.193 217.0.43.1

FireFox:
========
FF ProfilePath: C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\df3df6ur.default-1412603674226
FF NewTab: hxxp://www.google.com
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-06]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\s2k9j764.default\extensions\quick_start@gmail.com

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR RestoreOnStartup: Default -> "hxxp://www.google.com"
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchKeyword: Default -> Google
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-04]
CHR Extension: (Google Drive) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-16]
CHR Extension: (YouTube) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-04]
CHR Extension: (Google-Suche) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-04]
CHR Extension: (avast! Online Security) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-05]
CHR Extension: (Skype Click to Call) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-16]
CHR Extension: (Google Wallet) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-04]
CHR Extension: (Google Mail) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-04]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2014-09-30] (Elex do Brasil Participações Ltda)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 wzoomifyd; C:\ProgramData\zoomify2\1.1.0.25\wzoomifyd.exe [194560 2014-10-02] (Zoomify Agent) [File not signed]
R2 zoomify; C:\ProgramData\zoomify2\1.1.0.25\zoomify.exe [370688 2014-10-02] (Zoomify Agent) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-06] ()
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [248488 2014-09-30] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2014-09-30] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-09-30] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65704 2014-09-30] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [49320 2014-09-22] (Elex do Brasil Participações Ltda)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-07 11:54 - 2014-10-07 11:54 - 00021543 _____ () C:\Users\Arne\Desktop\Addition.txt
2014-10-07 11:53 - 2014-10-07 11:55 - 00016211 _____ () C:\Users\Arne\Desktop\FRST.txt
2014-10-07 11:53 - 2014-10-07 11:55 - 00000000 ____D () C:\FRST
2014-10-07 11:51 - 2014-10-07 11:52 - 02109952 _____ (Farbar) C:\Users\Arne\Desktop\FRST64.exe
2014-10-07 11:50 - 2014-10-07 11:51 - 01101312 _____ (Farbar) C:\Users\Arne\Desktop\FRST.exe
2014-10-07 11:49 - 2014-10-07 11:49 - 00000470 _____ () C:\Windows\SysWOW64\defogger_disable.log
2014-10-07 11:49 - 2014-10-07 11:49 - 00000000 _____ () C:\Users\Arne\defogger_reenable
2014-10-07 11:46 - 2014-10-07 11:46 - 00050477 _____ () C:\Users\Arne\Desktop\Defogger.exe
2014-10-07 02:03 - 2014-10-07 02:03 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-07 02:03 - 2014-10-07 02:03 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-07 02:03 - 2014-10-07 02:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-07 02:00 - 2014-10-07 02:00 - 00244408 _____ () C:\Users\Arne\Downloads\Firefox Setup Stub 32.0.3 (1).exe
2014-10-06 23:09 - 2014-10-07 00:58 - 00000000 ____D () C:\AdwCleaner
2014-10-06 22:14 - 2014-10-06 22:17 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-10-06 22:14 - 2014-10-06 22:14 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\Abelssoft
2014-10-06 22:14 - 2014-10-06 22:14 - 00000000 ____D () C:\Users\Arne\AppData\Local\Abelssoft
2014-10-06 22:14 - 2014-10-06 22:14 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-10-06 22:12 - 2014-10-06 22:13 - 01589182 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-06 22:04 - 2014-10-06 22:04 - 00001452 _____ () C:\Users\Arne\Desktop\Goodgame Empire.lnk
2014-10-06 22:04 - 2014-10-06 22:04 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\DesktopIconGoodgame
2014-10-06 22:04 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-10-06 22:04 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-10-06 22:03 - 2014-10-06 22:03 - 01101648 _____ () C:\Users\Arne\Downloads\HijackThis - CHIP-Installer.exe
2014-10-06 21:01 - 2014-10-07 11:36 - 00000448 _____ () C:\Windows\setupact.log
2014-10-06 21:01 - 2014-10-06 21:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-06 21:00 - 2014-10-07 01:33 - 00005756 _____ () C:\Windows\PFRO.log
2014-10-06 19:42 - 2014-10-07 01:24 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\eCyber
2014-10-06 19:41 - 2014-10-07 01:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2014-10-06 19:41 - 2014-10-06 19:41 - 00001902 _____ () C:\Users\Public\Desktop\YAC.lnk
2014-10-06 19:41 - 2014-10-06 19:41 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\Elex-tech
2014-10-06 19:41 - 2014-10-06 19:41 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2014-10-06 19:41 - 2014-09-30 12:18 - 00045224 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-10-06 19:41 - 2014-09-22 14:13 - 00049320 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2014-10-06 16:09 - 2014-10-06 16:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-06 16:07 - 2014-10-06 16:09 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Arne\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-06 15:49 - 2014-10-07 01:24 - 00000000 ____D () C:\Windows\system32\log
2014-10-06 15:18 - 2014-10-06 15:18 - 00000000 _____ () C:\autoexec.bat
2014-10-06 15:16 - 2014-10-06 15:16 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-06 15:15 - 2014-10-06 15:58 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-10-06 15:01 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-06 14:43 - 2014-10-06 15:54 - 00000000 ____D () C:\Users\Arne\Desktop\Alte Firefox-Daten
2014-10-06 11:55 - 2014-10-06 11:55 - 00000099 _____ () C:\Windows\Reimage.ini
2014-10-06 11:42 - 2014-10-06 11:42 - 00244408 _____ () C:\Users\Arne\Downloads\Firefox Setup Stub 32.0.3.exe
2014-10-06 11:37 - 2014-10-06 11:37 - 00004322 _____ () C:\Windows\System32\Tasks\RocketTab Update Task
2014-10-06 11:37 - 2014-10-06 11:37 - 00003536 _____ () C:\Windows\System32\Tasks\RocketTab
2014-10-06 11:13 - 2014-10-06 11:13 - 00000000 ____D () C:\ProgramData\zoomify2
2014-10-06 11:03 - 2014-10-06 11:04 - 00576584 _____ () C:\Users\Arne\Downloads\Update_Mozilla_Firefox.exe
2014-10-06 00:46 - 2014-10-07 11:36 - 00001334 _____ () C:\Windows\Tasks\NMBDOU.job
2014-10-06 00:46 - 2014-10-07 11:36 - 00001332 _____ () C:\Windows\Tasks\KZXMT.job
2014-10-06 00:46 - 2014-10-06 00:46 - 02015640 _____ (HD-Quality-v3V05.10) C:\Users\Arne\AppData\Roaming\NMBDOU.exe
2014-10-06 00:46 - 2014-10-06 00:46 - 01544600 _____ (HD-Quality-v3V05.10) C:\Users\Arne\AppData\Roaming\KZXMT.exe
2014-10-06 00:46 - 2014-10-06 00:46 - 00004356 _____ () C:\Windows\System32\Tasks\NMBDOU
2014-10-06 00:46 - 2014-10-06 00:46 - 00004354 _____ () C:\Windows\System32\Tasks\KZXMT
2014-10-06 00:40 - 2014-10-06 00:40 - 00256848 _____ () C:\Users\Arne\Downloads\TinyPlayerInstaller.exe
2014-09-27 21:47 - 2014-09-27 21:47 - 00004022 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-09-27 21:39 - 2014-09-27 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-27 21:39 - 2014-09-27 21:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-27 21:36 - 2014-10-07 01:24 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\InetStat
2014-09-27 21:36 - 2014-09-27 21:36 - 00395416 _____ () C:\Users\Arne\Downloads\czech.hunter.4.full.episode.free__6629_i1342853153_il32438.exe
2014-09-24 22:33 - 2014-10-07 02:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-16 11:23 - 2014-09-16 11:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-16 11:23 - 2014-09-16 11:23 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-16 11:23 - 2014-09-16 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-16 11:20 - 2014-09-16 11:20 - 01678440 _____ (Skype Technologies S.A.) C:\Users\Arne\Downloads\SkypeSetup(2).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-07 11:55 - 2014-01-05 01:14 - 01142294 _____ () C:\Windows\WindowsUpdate.log
2014-10-07 11:49 - 2014-06-05 00:31 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-07 11:49 - 2014-01-05 01:18 - 00000000 ____D () C:\Users\Arne
2014-10-07 11:44 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-07 11:44 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-07 11:38 - 2014-01-06 17:27 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-07 11:36 - 2014-06-05 00:31 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-07 11:36 - 2014-01-05 19:54 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-07 11:36 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-07 11:26 - 2014-01-07 20:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-07 01:24 - 2014-01-06 19:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-07 01:24 - 2014-01-06 19:38 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-07 01:24 - 2014-01-06 17:58 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\FreeCommander
2014-10-07 01:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-10-06 22:42 - 2009-07-14 06:45 - 00417872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-06 22:17 - 2014-01-05 18:38 - 00111336 _____ () C:\Users\Arne\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-06 22:13 - 2009-07-14 19:58 - 00696370 _____ () C:\Windows\system32\perfh007.dat
2014-10-06 22:13 - 2009-07-14 19:58 - 00147634 _____ () C:\Windows\system32\perfc007.dat
2014-10-06 22:13 - 2009-07-14 07:13 - 01589182 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-06 21:00 - 2014-06-05 00:32 - 00000000 ____D () C:\Program Files\Google
2014-10-06 21:00 - 2014-02-04 20:01 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-06 20:57 - 2014-01-05 01:10 - 00000000 ____D () C:\Windows\Panther
2014-10-06 19:45 - 2014-02-04 20:01 - 00000000 ____D () C:\Users\Arne\AppData\Local\Google
2014-10-06 16:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-10-06 15:49 - 2014-06-05 00:33 - 00002233 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-06 14:05 - 2014-01-06 18:42 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-06 11:30 - 2014-01-05 18:28 - 00000000 ____D () C:\Windows\Minidump
2014-09-28 19:50 - 2014-04-14 10:29 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\Skype
2014-09-27 22:10 - 2014-04-14 10:58 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-24 15:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-24 11:26 - 2014-01-07 20:39 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 11:26 - 2014-01-07 20:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 11:26 - 2014-01-07 20:39 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-19 17:20 - 2014-01-06 19:16 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-16 11:23 - 2014-04-14 10:29 - 00000000 ____D () C:\ProgramData\Skype
2014-09-15 09:06 - 2014-01-05 18:56 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-10 10:39 - 2014-08-29 20:06 - 00075570 _____ () C:\Users\Arne\Desktop\l57w45yw.bmp

Some content of TEMP:
====================
C:\Users\Arne\AppData\Local\Temp\SHSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-27 13:03

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by Arne at 2014-10-07 11:55:42
Running from C:\Users\Arne\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
NVIDIA 3D Vision Treiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
WISO Steuer 2014 (HKCU\...\{F20E4B74-A494-4548-8373-F919D2074CB5}) (Version: 21.00.8480 - Buhl Data Service GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

27-09-2014 20:09:29 Removed Microsoft Silverlight
27-09-2014 20:14:09 Removed Microsoft Silverlight
27-09-2014 20:14:59 Removed Microsoft Silverlight
05-10-2014 10:56:11 Geplanter Prüfpunkt
06-10-2014 09:13:02 RegClean Pro Mo, Okt 06, 14  11:12
06-10-2014 13:15:36 Installed SpyHunter
06-10-2014 13:44:38 Removed SpyHunter
06-10-2014 13:58:05 Removed SpyHunter
06-10-2014 21:00:30 Windows Update
06-10-2014 23:51:38 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-01-06 18:54 - 00450639 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	²©²ÊÍ¨,²©²ÊÍø,½ð±¦²©188,²©²ÊÍ¨ÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	Gadgets And More
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {17AAC0D5-8CEA-461F-B75C-4D978E41A701} - System32\Tasks\RocketTab => C:\Windows\system32\cmd.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {33CBECFC-3552-4710-9BF0-981AC8576E1A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-06] (AVAST Software)
Task: {34FCEA57-45D3-4877-A8B3-1DE035F57545} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {3541FA5B-162C-44C7-9024-E4E1C1FD28F5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {496168C5-0B80-4A2F-994D-AF3D59668AC3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {4FDDA1BF-520B-4DB7-9DBE-00110DEEE4DB} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {64539A15-9032-4DA6-85F6-A2A2A52115D5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {7046BBCE-BB0C-421E-8B43-74F206155D08} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe <==== ATTENTION
Task: {710B0EC1-4F7F-4D37-BE73-350ED8B54E78} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-05] (Google Inc.)
Task: {901E5610-59B8-4BA3-8287-84BF97BFFDC1} - System32\Tasks\NMBDOU => C:\Users\Arne\AppData\Roaming\NMBDOU.exe [2014-10-06] (HD-Quality-v3V05.10)
Task: {9BA3BEB6-54D6-4DF5-B527-A5E7568969F1} - System32\Tasks\KZXMT => C:\Users\Arne\AppData\Roaming\KZXMT.exe [2014-10-06] (HD-Quality-v3V05.10)
Task: {9FE5BBC7-B116-4208-85E9-5C03550D5EEC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-05] (Google Inc.)
Task: {F51F9378-30AC-4219-A1DD-B7315A8CC08F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\KZXMT.job => C:\Users\Arne\AppData\Roaming\KZXMT.exe
Task: C:\Windows\Tasks\NMBDOU.job => C:\Users\Arne\AppData\Roaming\NMBDOU.exe

==================== Loaded Modules (whitelisted) =============

2014-01-05 19:53 - 2013-08-30 00:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-06 19:41 - 2014-09-30 12:13 - 00065696 _____ () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2014-10-06 19:41 - 2014-09-30 12:13 - 00092320 _____ () C:\Program Files (x86)\Elex-tech\YAC\curlpp.dll
2014-10-06 19:41 - 2014-09-22 14:13 - 00176976 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unrar.dll
2014-10-06 19:41 - 2014-09-22 14:13 - 00087744 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unacev2.dll
2014-08-06 16:55 - 2014-08-06 16:55 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-07 10:33 - 2014-10-07 10:33 - 02859008 _____ () C:\Program Files\AVAST Software\Avast\defs\14100700\algo.dll
2014-10-06 19:41 - 2014-09-30 12:13 - 00185640 _____ () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-06 18:42 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-01-06 18:42 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-01-06 18:42 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-01-06 18:42 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-01-06 18:42 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-08-06 16:55 - 2014-08-06 16:55 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-07 02:03 - 2014-09-24 07:09 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-09-10 01:27 - 2014-09-10 01:27 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Arne\Downloads\czech.hunter.4.full.episode.free__6629_i1342853153_il32438.exe:typelib

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-856369245-1405169768-1277596959-500 - Administrator - Disabled)
Arne (S-1-5-21-856369245-1405169768-1277596959-1000 - Administrator - Enabled) => C:\Users\Arne
Gast (S-1-5-21-856369245-1405169768-1277596959-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-856369245-1405169768-1277596959-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/07/2014 00:45:44 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/07/2014 00:45:44 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/07/2014 00:45:44 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/07/2014 00:45:44 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (10/07/2014 00:45:44 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/07/2014 00:45:44 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (10/07/2014 00:45:44 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/07/2014 00:45:44 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/07/2014 00:45:44 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.


Details:
	0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))

Error: (10/07/2014 00:45:43 AM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (3136) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0000A.log.


System errors:
=============
Error: (10/07/2014 11:36:47 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (10/07/2014 11:22:13 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (10/07/2014 10:36:57 AM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (10/07/2014 10:36:57 AM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden.

Error: (10/07/2014 10:36:57 AM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (10/07/2014 10:36:57 AM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (10/07/2014 10:36:57 AM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (10/07/2014 10:36:57 AM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (10/07/2014 10:36:57 AM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (10/07/2014 10:36:57 AM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-10-05 21:49:35.764
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo64v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-05 21:48:54.018
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo64v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-28 23:04:19.627
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo64v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-28 21:09:04.603
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo64v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-28 21:06:45.420
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo64v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-28 21:03:39.682
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo64v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-28 20:59:54.471
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo64v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-28 20:57:43.027
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo64v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-16 21:20:49.410
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo64v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-16 21:20:48.046
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo64v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 40%
Total physical RAM: 4090.88 MB
Available physical RAM: 2439.37 MB
Total Pagefile: 8179.93 MB
Available Pagefile: 6272.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:139.9 GB) (Free:104.8 GB) NTFS
Drive d: (Daten) (Fixed) (Total:300.37 GB) (Free:253.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8B5A1198)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=139.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=300.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

--- --- ---

FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by Arne at 2014-10-07 11:55:42
Running from C:\Users\Arne\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
NVIDIA 3D Vision Treiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
WISO Steuer 2014 (HKCU\...\{F20E4B74-A494-4548-8373-F919D2074CB5}) (Version: 21.00.8480 - Buhl Data Service GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

27-09-2014 20:09:29 Removed Microsoft Silverlight
27-09-2014 20:14:09 Removed Microsoft Silverlight
27-09-2014 20:14:59 Removed Microsoft Silverlight
05-10-2014 10:56:11 Geplanter Prüfpunkt
06-10-2014 09:13:02 RegClean Pro Mo, Okt 06, 14  11:12
06-10-2014 13:15:36 Installed SpyHunter
06-10-2014 13:44:38 Removed SpyHunter
06-10-2014 13:58:05 Removed SpyHunter
06-10-2014 21:00:30 Windows Update
06-10-2014 23:51:38 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-01-06 18:54 - 00450639 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	1001namen.com - Informationen zum Thema 1001namen. Diese Website steht zum Verkauf!
127.0.0.1	100888290cs.com
127.0.0.1	²©²ÊÍ¨,²©²ÊÍø,½ð±¦²©188,²©²ÊÍ¨ÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	Gadgets And More
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {17AAC0D5-8CEA-461F-B75C-4D978E41A701} - System32\Tasks\RocketTab => C:\Windows\system32\cmd.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {33CBECFC-3552-4710-9BF0-981AC8576E1A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-06] (AVAST Software)
Task: {34FCEA57-45D3-4877-A8B3-1DE035F57545} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {3541FA5B-162C-44C7-9024-E4E1C1FD28F5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {496168C5-0B80-4A2F-994D-AF3D59668AC3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {4FDDA1BF-520B-4DB7-9DBE-00110DEEE4DB} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {64539A15-9032-4DA6-85F6-A2A2A52115D5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {7046BBCE-BB0C-421E-8B43-74F206155D08} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe <==== ATTENTION
Task: {710B0EC1-4F7F-4D37-BE73-350ED8B54E78} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-05] (Google Inc.)
Task: {901E5610-59B8-4BA3-8287-84BF97BFFDC1} - System32\Tasks\NMBDOU => C:\Users\Arne\AppData\Roaming\NMBDOU.exe [2014-10-06] (HD-Quality-v3V05.10)
Task: {9BA3BEB6-54D6-4DF5-B527-A5E7568969F1} - System32\Tasks\KZXMT => C:\Users\Arne\AppData\Roaming\KZXMT.exe [2014-10-06] (HD-Quality-v3V05.10)
Task: {9FE5BBC7-B116-4208-85E9-5C03550D5EEC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-05] (Google Inc.)
Task: {F51F9378-30AC-4219-A1DD-B7315A8CC08F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\KZXMT.job => C:\Users\Arne\AppData\Roaming\KZXMT.exe
Task: C:\Windows\Tasks\NMBDOU.job => C:\Users\Arne\AppData\Roaming\NMBDOU.exe

==================== Loaded Modules (whitelisted) =============

2014-01-05 19:53 - 2013-08-30 00:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-06 19:41 - 2014-09-30 12:13 - 00065696 _____ () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2014-10-06 19:41 - 2014-09-30 12:13 - 00092320 _____ () C:\Program Files (x86)\Elex-tech\YAC\curlpp.dll
2014-10-06 19:41 - 2014-09-22 14:13 - 00176976 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unrar.dll
2014-10-06 19:41 - 2014-09-22 14:13 - 00087744 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unacev2.dll
2014-08-06 16:55 - 2014-08-06 16:55 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-07 10:33 - 2014-10-07 10:33 - 02859008 _____ () C:\Program Files\AVAST Software\Avast\defs\14100700\algo.dll
2014-10-06 19:41 - 2014-09-30 12:13 - 00185640 _____ () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-06 18:42 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-01-06 18:42 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-01-06 18:42 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-01-06 18:42 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-01-06 18:42 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-08-06 16:55 - 2014-08-06 16:55 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-07 02:03 - 2014-09-24 07:09 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-09-10 01:27 - 2014-09-10 01:27 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Arne\Downloads\czech.hunter.4.full.episode.free__6629_i1342853153_il32438.exe:typelib

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-856369245-1405169768-1277596959-500 - Administrator - Disabled)
Arne (S-1-5-21-856369245-1405169768-1277596959-1000 - Administrator - Enabled) => C:\Users\Arne
Gast (S-1-5-21-856369245-1405169768-1277596959-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-856369245-1405169768-1277596959-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/07/2014 00:45:44 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/07/2014 00:45:44 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/07/2014 00:45:44 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/07/2014 00:45:44 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (10/07/2014 00:45:44 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/07/2014 00:45:44 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (10/07/2014 00:45:44 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/07/2014 00:45:44 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/07/2014 00:45:44 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.


Details:
	0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))

Error: (10/07/2014 00:45:43 AM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (3136) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0000A.log.


System errors:
=============
Error: (10/07/2014 11:36:47 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (10/07/2014 11:22:13 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (10/07/2014 10:36:57 AM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (10/07/2014 10:36:57 AM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden.

Error: (10/07/2014 10:36:57 AM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (10/07/2014 10:36:57 AM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (10/07/2014 10:36:57 AM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (10/07/2014 10:36:57 AM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (10/07/2014 10:36:57 AM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (10/07/2014 10:36:57 AM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-10-05 21:49:35.764
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo64v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-05 21:48:54.018
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo64v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-28 23:04:19.627
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo64v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-28 21:09:04.603
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo64v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-28 21:06:45.420
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo64v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-28 21:03:39.682
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo64v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-28 20:59:54.471
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo64v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-28 20:57:43.027
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo64v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-16 21:20:49.410
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo64v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-16 21:20:48.046
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo64v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 40%
Total physical RAM: 4090.88 MB
Available physical RAM: 2439.37 MB
Total Pagefile: 8179.93 MB
Available Pagefile: 6272.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:139.9 GB) (Free:104.8 GB) NTFS
Drive d: (Daten) (Fixed) (Total:300.37 GB) (Free:253.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8B5A1198)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=139.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=300.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

--- --- ---

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-07 12:12:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545050B9A300 rev.PB4OC60G 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Arne\AppData\Local\Temp\kxldrpow.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\System32\win32k.sys!EngSetLastError + 616 fffff960000a4ce4 8 bytes [04, B5, C5, 02, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960000d3f00 7 bytes [80, 9D, F3, FF, 01, A9, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff960000d3f08 3 bytes [C0, 06, 02]
.text ... * 106
.text C:\Windows\System32\win32k.sys!EngGetProcessHandle + 400 fffff96000192c48 14 bytes [88, B7, C5, 02, 80, F8, FF, ...]

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000149970460
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000149970450
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000149970370
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000149970470
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 00000001499703e0
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000149970320
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 00000001499703b0
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000149970390
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 00000001499702e0
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 00000001499702d0
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d01750 5 bytes JMP 0000000149970310
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 00000001499703c0
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 00000001499703f0
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000149970230
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000149970480
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 00000001499703a0
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 00000001499702f0
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000149970350
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000149970290
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 00000001499702b0
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 00000001499703d0
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000149970330
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000149970410
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000149970240
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d020a0 5 bytes JMP 00000001499701e0
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000149970250
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000149970490
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 00000001499704a0
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000149970300
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000149970360
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 00000001499702a0
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 00000001499702c0
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000149970380
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000149970340
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000149970440
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000149970260
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000149970270
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000149970400
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 00000001499701f0
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000149970210
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000149970200
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000149970420
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000149970430
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000149970220
.text C:\Windows\system32\csrss.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000149970280
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000076e60460
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000076e60450
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000076e60370
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000076e60470
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 0000000076e603e0
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000076e60320
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 0000000076e603b0
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000076e60390
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 0000000076e602e0
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 0000000076e602d0
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection

Napo33 · 07.10.2014, 12:30

0000000076d01750 5 bytes JMP 0000000076e60310
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 0000000076e603c0
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 0000000076e603f0
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000076e60230
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000076e60480
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 0000000076e603a0
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 0000000076e602f0
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000076e60350
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000076e60290
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 0000000076e602b0
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 0000000076e603d0
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000076e60330
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000076e60410
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000076e60240
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d020a0 5 bytes JMP 0000000076e601e0
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000076e60250
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000076e60490
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 0000000076e604a0
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000076e60300
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000076e60360
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 0000000076e602a0
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 0000000076e602c0
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000076e60380
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000076e60340
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000076e60440
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000076e60260
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000076e60270
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000076e60400
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 0000000076e601f0
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000076e60210
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000076e60200
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000076e60420
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000076e60430
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000076e60220
.text C:\Windows\system32\wininit.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000076e60280
.text C:\Windows\system32\wininit.exe[464] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeeecd 1 byte [62]
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000149970460
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000149970450
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000149970370
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000149970470
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 00000001499703e0
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000149970320
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 00000001499703b0
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000149970390
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 00000001499702e0
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 00000001499702d0
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d01750 5 bytes JMP 0000000149970310
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 00000001499703c0
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 00000001499703f0
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000149970230
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000149970480
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 00000001499703a0
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 00000001499702f0
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000149970350
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000149970290
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 00000001499702b0
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 00000001499703d0
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000149970330
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000149970410
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000149970240
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d020a0 5 bytes JMP 00000001499701e0
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000149970250
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000149970490
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 00000001499704a0
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000149970300
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000149970360
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 00000001499702a0
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 00000001499702c0
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000149970380
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000149970340
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000149970440
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000149970260
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000149970270
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000149970400
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 00000001499701f0
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000149970210
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000149970200
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000149970420
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000149970430
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000149970220
.text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000149970280
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000076e60460
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000076e60450
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000076e60370
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000076e60470
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 0000000076e603e0
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000076e60320
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 0000000076e603b0
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000076e60390
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 0000000076e602e0
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 0000000076e602d0
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d01750 5 bytes JMP 0000000076e60310
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 0000000076e603c0
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 0000000076e603f0
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000076e60230
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000076e60480
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 0000000076e603a0
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 0000000076e602f0
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000076e60350
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000076e60290
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 0000000076e602b0
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 0000000076e603d0
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000076e60330
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000076e60410
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000076e60240
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d020a0 5 bytes JMP 0000000076e601e0
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000076e60250
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000076e60490
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 0000000076e604a0
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000076e60300
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000076e60360
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 0000000076e602a0
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 0000000076e602c0
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000076e60380
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000076e60340
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000076e60440
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000076e60260
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000076e60270
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000076e60400
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 0000000076e601f0
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000076e60210
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000076e60200
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000076e60420
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000076e60430
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000076e60220
.text C:\Windows\system32\services.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000076e60280
.text C:\Windows\system32\services.exe[520] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeeecd 1 byte [62]
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000100070460
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000100070450
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000100070370
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000100070470
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000100070320
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000100070390
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d01750 5 bytes JMP 0000000100070310
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000100070230
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000100070480
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000100070350
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000100070290
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000100070330
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000100070410
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000100070240
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d020a0 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000100070250
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000100070490
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000100070300
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000100070360
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000100070380
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000100070340
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000100070440
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000100070260
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000100070270
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000100070400
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 00000001000701f0
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000100070210
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000100070200
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000100070420
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000100070430
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000100070220
.text C:\Windows\system32\lsass.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000100070280
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000076e60460
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000076e60450
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000076e60370
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000076e60470
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 0000000076e603e0
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000076e60320
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 0000000076e603b0
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000076e60390
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 0000000076e602e0
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 0000000076e602d0
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d01750 5 bytes JMP 0000000076e60310
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 0000000076e603c0
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 0000000076e603f0
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000076e60230
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000076e60480
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 0000000076e603a0
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 0000000076e602f0
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000076e60350
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000076e60290
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 0000000076e602b0
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 0000000076e603d0
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000076e60330
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000076e60410
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000076e60240
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d020a0 5 bytes JMP 0000000076e601e0
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000076e60250
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000076e60490
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 0000000076e604a0
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000076e60300
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000076e60360
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 0000000076e602a0
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 0000000076e602c0
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000076e60380
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000076e60340
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000076e60440
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000076e60260
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000076e60270
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000076e60400
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 0000000076e601f0
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000076e60210
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000076e60200
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000076e60420
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000076e60430
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000076e60220
.text C:\Windows\system32\lsm.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000076e60280
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000076e60460
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000076e60450
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000076e60370
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000076e60470
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 0000000076e603e0
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000076e60320
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 0000000076e603b0
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000076e60390
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 0000000076e602e0
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 0000000076e602d0
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d01750 5 bytes JMP 0000000076e60310
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 0000000076e603c0
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 0000000076e603f0
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000076e60230
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000076e60480
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 0000000076e603a0
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 0000000076e602f0
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000076e60350
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000076e60290
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 0000000076e602b0
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 0000000076e603d0
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000076e60330
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000076e60410
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000076e60240
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d020a0 5 bytes JMP 0000000076e601e0
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000076e60250
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000076e60490
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 0000000076e604a0
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000076e60300

Napo33 · 07.10.2014, 12:33

.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000076e60360
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 0000000076e602a0
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 0000000076e602c0
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000076e60380
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000076e60340
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000076e60440
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000076e60260
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000076e60270
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000076e60400
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 0000000076e601f0
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000076e60210
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000076e60200
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000076e60420
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000076e60430
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000076e60220
.text C:\Windows\system32\svchost.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000076e60280
.text C:\Windows\system32\svchost.exe[648] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeeecd 1 byte [62]
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000076e60460
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000076e60450
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000076e60370
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000076e60470
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 0000000076e603e0
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000076e60320
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 0000000076e603b0
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000076e60390
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 0000000076e602e0
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 0000000076e602d0
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d01750 5 bytes JMP 0000000076e60310
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 0000000076e603c0
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 0000000076e603f0
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000076e60230
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000076e60480
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 0000000076e603a0
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 0000000076e602f0
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000076e60350
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000076e60290
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 0000000076e602b0
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 0000000076e603d0
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000076e60330
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000076e60410
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000076e60240
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d020a0 5 bytes JMP 0000000076e601e0
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000076e60250
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000076e60490
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 0000000076e604a0
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000076e60300
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000076e60360
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 0000000076e602a0
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 0000000076e602c0
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000076e60380
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000076e60340
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000076e60440
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000076e60260
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000076e60270
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000076e60400
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 0000000076e601f0
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000076e60210
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000076e60200
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000076e60420
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000076e60430
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000076e60220
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000076e60280
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeeecd 1 byte [62]
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000076e60460
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000076e60450
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000076e60370
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000076e60470
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 0000000076e603e0
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000076e60320
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 0000000076e603b0
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000076e60390
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 0000000076e602e0
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 0000000076e602d0
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d01750 5 bytes JMP 0000000076e60310
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 0000000076e603c0
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 0000000076e603f0
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000076e60230
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000076e60480
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 0000000076e603a0
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 0000000076e602f0
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000076e60350
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000076e60290
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 0000000076e602b0
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 0000000076e603d0
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000076e60330
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000076e60410
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000076e60240
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d020a0 5 bytes JMP 0000000076e601e0
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000076e60250
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000076e60490
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 0000000076e604a0
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000076e60300
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000076e60360
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 0000000076e602a0
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 0000000076e602c0
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000076e60380
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000076e60340
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000076e60440
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000076e60260
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000076e60270
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000076e60400
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 0000000076e601f0
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000076e60210
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000076e60200
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000076e60420
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000076e60430
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000076e60220
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000076e60280
.text C:\Windows\system32\nvvsvc.exe[772] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeeecd 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[796] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007681a2ba 1 byte [62]
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000076e60460
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000076e60450
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000076e60370
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000076e60470
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 0000000076e603e0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000076e60320
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 0000000076e603b0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000076e60390
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 0000000076e602e0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 0000000076e602d0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d01750 5 bytes JMP 0000000076e60310
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 0000000076e603c0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 0000000076e603f0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000076e60230
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000076e60480
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 0000000076e603a0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 0000000076e602f0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000076e60350
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000076e60290
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 0000000076e602b0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 0000000076e603d0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000076e60330
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000076e60410
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000076e60240
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d020a0 5 bytes JMP 0000000076e601e0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000076e60250
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000076e60490
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 0000000076e604a0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000076e60300
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000076e60360
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 0000000076e602a0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 0000000076e602c0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000076e60380
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000076e60340
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000076e60440
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000076e60260
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000076e60270
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000076e60400
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 0000000076e601f0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000076e60210
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000076e60200
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000076e60420
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000076e60430
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000076e60220
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000076e60280
.text C:\Windows\system32\svchost.exe[840] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeeecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000076e60460
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000076e60450
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000076e60370
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000076e60470
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 0000000076e603e0
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000076e60320
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 0000000076e603b0
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000076e60390
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 0000000076e602e0
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 0000000076e602d0
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d01750 5 bytes JMP 0000000076e60310
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 0000000076e603c0
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 0000000076e603f0
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000076e60230
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000076e60480
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 0000000076e603a0
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 0000000076e602f0
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000076e60350
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000076e60290
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 0000000076e602b0
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 0000000076e603d0
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000076e60330
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000076e60410
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000076e60240
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d020a0 5 bytes JMP 0000000076e601e0
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000076e60250
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000076e60490
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 0000000076e604a0
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000076e60300
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000076e60360
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 0000000076e602a0
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 0000000076e602c0
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000076e60380
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000076e60340
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000076e60440
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000076e60260
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000076e60270
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000076e60400
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 0000000076e601f0
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000076e60210
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000076e60200
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000076e60420
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000076e60430
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000076e60220
.text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000076e60280
.text C:\Windows\System32\svchost.exe[936] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeeecd 1 byte [62]
.text C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe[372] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007681a2ba 1 byte [62]
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000076e60460
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000076e60450
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000076e60370
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000076e60470
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 0000000076e603e0
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000076e60320
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 0000000076e603b0
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000076e60390
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 0000000076e602e0
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 0000000076e602d0
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d01750 5 bytes JMP 0000000076e60310
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 0000000076e603c0
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 0000000076e603f0
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000076e60230
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000076e60480
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 0000000076e603a0
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 0000000076e602f0
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000076e60350
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000076e60290
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 0000000076e602b0
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 0000000076e603d0
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000076e60330
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000076e60410
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000076e60240
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d020a0 5 bytes JMP 0000000076e601e0
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000076e60250
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000076e60490
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 0000000076e604a0
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000076e60300
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000076e60360
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 0000000076e602a0
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 0000000076e602c0
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000076e60380
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000076e60340
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000076e60440
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000076e60260
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000076e60270
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000076e60400
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 0000000076e601f0
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000076e60210
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000076e60200
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000076e60420
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000076e60430
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000076e60220
.text C:\Windows\System32\svchost.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000076e60280
.text C:\Windows\System32\svchost.exe[348] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeeecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000076e60460
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000076e60450
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000076e60370
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000076e60470
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 0000000076e603e0
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000076e60320
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 0000000076e603b0
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000076e60390
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 0000000076e602e0
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 0000000076e602d0
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d01750 5 bytes JMP 0000000076e60310
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 0000000076e603c0
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 0000000076e603f0
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000076e60230
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000076e60480
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 0000000076e603a0
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 0000000076e602f0
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000076e60350
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000076e60290
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 0000000076e602b0
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 0000000076e603d0
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000076e60330
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000076e60410
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000076e60240
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d020a0 5 bytes JMP 0000000076e601e0
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000076e60250
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000076e60490
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 0000000076e604a0
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000076e60300
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000076e60360
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 0000000076e602a0
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 0000000076e602c0
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000076e60380
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000076e60340
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000076e60440
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000076e60260
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000076e60270
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000076e60400
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 0000000076e601f0
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000076e60210
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000076e60200
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000076e60420
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000076e60430
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000076e60220
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000076e60280
.text C:\Windows\system32\svchost.exe[1056] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeeecd 1 byte [62]
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000100040460
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000100040450
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000100040370
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000100040470
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 00000001000403e0
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000100040320
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 00000001000403b0
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000100040390
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 00000001000402e0
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 00000001000402d0
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d01750 5 bytes JMP 0000000100040310
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 00000001000403c0
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 00000001000403f0
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000100040230
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000100040480
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 00000001000403a0
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 00000001000402f0
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000100040350
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000100040290
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 00000001000402b0
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 00000001000403d0
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000100040330
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000100040410
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000100040240

Napo33 · 07.10.2014, 12:37

.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000100040250
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000100040490
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 00000001000404a0
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000100040300
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000100040360
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 00000001000402a0
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 00000001000402c0
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000100040380
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000100040340
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000100040440
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000100040260
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000100040270
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000100040400
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 00000001000401f0
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000100040210
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000100040200
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000100040420
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000100040430
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000100040220
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000100040280
.text C:\Windows\system32\AUDIODG.EXE[1148] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeeecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000171b10460
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000171b10450
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000171b10370
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000171b10470
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 0000000171b103e0
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000171b10320
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 0000000171b103b0
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000171b10390
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 0000000171b102e0
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 0000000171b102d0
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d01750 5 bytes JMP 0000000171b10310
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 0000000171b103c0
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 0000000171b103f0
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000171b10230
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000171b10480
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 0000000171b103a0
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 0000000171b102f0
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000171b10350
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000171b10290
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 0000000171b102b0
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 0000000171b103d0
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000171b10330
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000171b10410
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000171b10240
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d020a0 5 bytes JMP 0000000171b101e0
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000171b10250
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000171b10490
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 0000000171b104a0
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000171b10300
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000171b10360
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 0000000171b102a0
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 0000000171b102c0
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000171b10380
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000171b10340
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000171b10440
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000171b10260
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000171b10270
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000171b10400
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 0000000171b101f0
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000171b10210
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000171b10200
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000171b10420
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000171b10430
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000171b10220
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000171b10280
.text C:\Windows\system32\svchost.exe[1228] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeeecd 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000076e60460
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000076e60450
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000076e60370
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000076e60470
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 0000000076e603e0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000076e60320
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 0000000076e603b0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000076e60390
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 0000000076e602e0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 0000000076e602d0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d01750 5 bytes JMP 0000000076e60310
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 0000000076e603c0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 0000000076e603f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000076e60230
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000076e60480
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 0000000076e603a0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 0000000076e602f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000076e60350
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000076e60290
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 0000000076e602b0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 0000000076e603d0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000076e60330
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000076e60410
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000076e60240
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d020a0 5 bytes JMP 0000000076e601e0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000076e60250
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000076e60490
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 0000000076e604a0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000076e60300
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000076e60360
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 0000000076e602a0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 0000000076e602c0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000076e60380
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000076e60340
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000076e60440
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000076e60260
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000076e60270
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000076e60400
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 0000000076e601f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000076e60210
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000076e60200
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000076e60420
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000076e60430
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000076e60220
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000076e60280
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1432] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeeecd 1 byte [62]
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000076e60460
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000076e60450
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000076e60370
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000076e60470
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 0000000076e603e0
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000076e60320
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 0000000076e603b0
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000076e60390
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 0000000076e602e0
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 0000000076e602d0
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d01750 5 bytes JMP 0000000076e60310
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 0000000076e603c0
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 0000000076e603f0
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000076e60230
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000076e60480
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 0000000076e603a0
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 0000000076e602f0
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000076e60350
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000076e60290
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 0000000076e602b0
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 0000000076e603d0
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000076e60330
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000076e60410
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000076e60240
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d020a0 5 bytes JMP 0000000076e601e0
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000076e60250
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000076e60490
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 0000000076e604a0
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000076e60300
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000076e60360
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 0000000076e602a0
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 0000000076e602c0
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000076e60380
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000076e60340
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000076e60440
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000076e60260
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000076e60270
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000076e60400
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 0000000076e601f0
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000076e60210
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000076e60200
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000076e60420
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000076e60430
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000076e60220
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000076e60280
.text C:\Windows\system32\nvvsvc.exe[1440] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeeecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000171b10460
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000171b10450
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000171b10370
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000171b10470
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 0000000171b103e0
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000171b10320
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 0000000171b103b0
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000171b10390
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 0000000171b102e0
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 0000000171b102d0
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d01750 5 bytes JMP 0000000171b10310
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 0000000171b103c0
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 0000000171b103f0
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000171b10230
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000171b10480
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 0000000171b103a0
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 0000000171b102f0
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000171b10350
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000171b10290
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 0000000171b102b0
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 0000000171b103d0
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000171b10330
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000171b10410
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000171b10240
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d020a0 5 bytes JMP 0000000171b101e0
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000171b10250
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000171b10490
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 0000000171b104a0
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000171b10300
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000171b10360
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 0000000171b102a0
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 0000000171b102c0
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000171b10380
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000171b10340
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000171b10440
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000171b10260
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000171b10270
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000171b10400
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 0000000171b101f0
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000171b10210
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000171b10200
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000171b10420
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000171b10430
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000171b10220
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000171b10280
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeeecd 1 byte [62]
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000100070460
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000100070450
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000100070370
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000100070470
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000100070320
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000100070390
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d01750 5 bytes JMP 0000000100070310
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000100070230
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000100070480
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000100070350
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000100070290
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000100070330
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000100070410
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000100070240
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d020a0 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000100070250
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000100070490
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000100070300
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000100070360
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000100070380
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000100070340
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000100070440
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000100070260
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000100070270
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000100070400
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 00000001000701f0
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000100070210
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000100070200
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000100070420
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000100070430
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000100070220
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000100070280
.text C:\Windows\system32\Dwm.exe[1848] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeeecd 1 byte [62]
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000076e60460
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000076e60450
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000076e60370
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000076e60470
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 0000000076e603e0
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000076e60320
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 0000000076e603b0
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000076e60390
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 0000000076e602e0
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 0000000076e602d0
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d01750 5 bytes JMP 0000000076e60310
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 0000000076e603c0
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 0000000076e603f0
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000076e60230
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000076e60480
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 0000000076e603a0
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 0000000076e602f0
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000076e60350
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000076e60290
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 0000000076e602b0
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 0000000076e603d0
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000076e60330
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000076e60410
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000076e60240
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d020a0 5 bytes JMP 0000000076e601e0
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000076e60250
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000076e60490
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 0000000076e604a0
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000076e60300
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000076e60360
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 0000000076e602a0
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 0000000076e602c0
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000076e60380
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000076e60340
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000076e60440
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000076e60260
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000076e60270
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000076e60400
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 0000000076e601f0
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000076e60210
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000076e60200
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000076e60420
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000076e60430
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000076e60220
.text C:\Windows\Explorer.EXE[1884] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000076e60280
.text C:\Windows\Explorer.EXE[1884] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeeecd 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000076e60460
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000076e60450
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000076e60370
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000076e60470
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 0000000076e603e0
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000076e60320
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 0000000076e603b0
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000076e60390
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 0000000076e602e0
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 0000000076e602d0
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d01750 5 bytes JMP 0000000076e60310
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 0000000076e603c0
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 0000000076e603f0
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000076e60230
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000076e60480
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 0000000076e603a0
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 0000000076e602f0
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000076e60350
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000076e60290
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 0000000076e602b0
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 0000000076e603d0
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000076e60330
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000076e60410
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000076e60240
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d020a0 5 bytes JMP 0000000076e601e0
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000076e60250
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000076e60490
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 0000000076e604a0
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000076e60300
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000076e60360
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 0000000076e602a0
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 0000000076e602c0
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000076e60380
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000076e60340
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000076e60440
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000076e60260
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000076e60270
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000076e60400
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 0000000076e601f0
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000076e60210
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000076e60200
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000076e60420
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000076e60430
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000076e60220
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000076e60280
.text C:\Windows\System32\spoolsv.exe[2036] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeeecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000171b10460
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000171b10450
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000171b10370
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000171b10470
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 0000000171b103e0
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000171b10320
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 0000000171b103b0
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000171b10390
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 0000000171b102e0
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 0000000171b102d0
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d01750 5 bytes JMP 0000000171b10310
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 0000000171b103c0
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 0000000171b103f0
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000171b10230
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000171b10480
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 0000000171b103a0
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 0000000171b102f0
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000171b10350
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000171b10290
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 0000000171b102b0
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 0000000171b103d0
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000171b10330
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000171b10410
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000171b10240
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d020a0 5 bytes JMP 0000000171b101e0
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000171b10250
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000171b10490
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 0000000171b104a0
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000171b10300
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000171b10360
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 0000000171b102a0
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 0000000171b102c0
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000171b10380
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000171b10340
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000171b10440
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000171b10260
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000171b10270
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000171b10400
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 0000000171b101f0
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000171b10210
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000171b10200
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000171b10420
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000171b10430
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000171b10220
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000171b10280
.text C:\Windows\system32\svchost.exe[1276] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeeecd 1 byte [62]
.text C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe[1488] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007681a2ba 1 byte [62]
.text C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe[1488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074e81465 2 bytes [E8, 74]
.text C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe[1488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074e814bb 2 bytes [E8, 74]
.text ... * 2
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000076e60460
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000076e60450
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000076e60370
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000076e60470
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 0000000076e603e0
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000076e60320
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 0000000076e603b0
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000076e60390
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 0000000076e602e0
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 0000000076e602d0
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d01750 5 bytes JMP 0000000076e60310
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 0000000076e603c0
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 0000000076e603f0
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000076e60230
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000076e60480
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 0000000076e603a0
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 0000000076e602f0
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000076e60350
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000076e60290
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 0000000076e602b0
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 0000000076e603d0
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000076e60330
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000076e60410
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000076e60240
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d020a0 5 bytes JMP 0000000076e601e0
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000076e60250
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000076e60490
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 0000000076e604a0
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000076e60300
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000076e60360
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 0000000076e602a0
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 0000000076e602c0
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000076e60380
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000076e60340
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000076e60440
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000076e60260
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000076e60270
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000076e60400
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 0000000076e601f0
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000076e60210
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000076e60200
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000076e60420
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000076e60430
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000076e60220
.text C:\Windows\system32\taskeng.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000076e60280
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2116] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007681a2ba 1 byte [62]
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2232] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007681a2ba 1 byte [62]
.text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2356] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007681a2ba 1 byte [62]
.text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2420] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007681a2ba 1 byte [62]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2468] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007681a2ba 1 byte [62]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2468] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000074e81465 2 bytes [E8, 74]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2468] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000074e814bb 2 bytes [E8, 74]
.text ... * 2
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2612] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007681a2ba 1 byte [62]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2612] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000074e81465 2 bytes [E8, 74]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2612] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000074e814bb 2 bytes [E8, 74]
.text ... * 2
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2652] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007681a2ba 1 byte [62]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2652] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000074e81465 2 bytes [E8, 74]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2652] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000074e814bb 2 bytes [E8, 74]
.text ... * 2
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2772] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007681a2ba 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000076e60460
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000076e60450
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000076e60370
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000076e60470
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 0000000076e603e0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000076e60320
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 0000000076e603b0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000076e60390
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 0000000076e602e0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 0000000076e602d0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d01750 5 bytes JMP 0000000076e60310
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 0000000076e603c0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 0000000076e603f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000076e60230
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000076e60480
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 0000000076e603a0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 0000000076e602f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000076e60350
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000076e60290
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 0000000076e602b0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 0000000076e603d0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000076e60330
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000076e60410
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000076e60240
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d020a0 5 bytes JMP 0000000076e601e0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000076e60250
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000076e60490
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 0000000076e604a0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000076e60300
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000076e60360
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 0000000076e602a0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 0000000076e602c0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000076e60380
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000076e60340
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000076e60440
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000076e60260
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000076e60270
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000076e60400
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 0000000076e601f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000076e60210
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000076e60200
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000076e60420
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000076e60430
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000076e60220
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000076e60280
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[924] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeeecd 1 byte [62]

Napo33 · 07.10.2014, 12:38

.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000171b10460
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000171b10450
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000171b10370
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000171b10470
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 0000000171b103e0
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000171b10320
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 0000000171b103b0
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000171b10390
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 0000000171b102e0
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 0000000171b102d0
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d01750 5 bytes JMP 0000000171b10310
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 0000000171b103c0
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 0000000171b103f0
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000171b10230
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000171b10480
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 0000000171b103a0
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 0000000171b102f0
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000171b10350
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000171b10290
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 0000000171b102b0
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 0000000171b103d0
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000171b10330
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000171b10410
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000171b10240
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d020a0 5 bytes JMP 0000000171b101e0
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000171b10250
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000171b10490
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 0000000171b104a0
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000171b10300
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000171b10360
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 0000000171b102a0
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 0000000171b102c0
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000171b10380
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000171b10340
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000171b10440
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000171b10260
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000171b10270
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000171b10400
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 0000000171b101f0
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000171b10210
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000171b10200
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000171b10420
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000171b10430
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000171b10220
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000171b10280
.text C:\Windows\system32\svchost.exe[3132] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeeecd 1 byte [62]
.text C:\PROGRA~3\zoomify2\110~1.25\wzoomifyd.exe[3256] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007681a2ba 1 byte [62]
.text C:\PROGRA~3\zoomify2\110~1.25\wzoomifyd.exe[3256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074e81465 2 bytes [E8, 74]
.text C:\PROGRA~3\zoomify2\110~1.25\wzoomifyd.exe[3256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074e814bb 2 bytes [E8, 74]
.text ... * 2
.text C:\PROGRA~3\zoomify2\110~1.25\zoomify.exe[3284] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007681a2ba 1 byte [62]
.text C:\PROGRA~3\zoomify2\110~1.25\zoomify.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074e81465 2 bytes [E8, 74]
.text C:\PROGRA~3\zoomify2\110~1.25\zoomify.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074e814bb 2 bytes [E8, 74]
.text ... * 2
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[3388] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007681a2ba 1 byte [62]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3496] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007681a2ba 1 byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000076e60460
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000076e60450
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000076e60370
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000076e60470
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 0000000076e603e0
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000076e60320
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 0000000076e603b0
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000076e60390
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 0000000076e602e0
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 0000000076e602d0
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d01750 5 bytes JMP 0000000076e60310
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 0000000076e603c0
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 0000000076e603f0
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000076e60230
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000076e60480
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 0000000076e603a0
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 0000000076e602f0
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000076e60350
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000076e60290
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 0000000076e602b0
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 0000000076e603d0
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000076e60330
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000076e60410
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000076e60240
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d020a0 5 bytes JMP 0000000076e601e0
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000076e60250
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000076e60490
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 0000000076e604a0
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000076e60300
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000076e60360
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 0000000076e602a0
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 0000000076e602c0
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000076e60380
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000076e60340
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000076e60440
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000076e60260
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000076e60270
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000076e60400
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 0000000076e601f0
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000076e60210
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000076e60200
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000076e60420
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000076e60430
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000076e60220
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000076e60280
.text C:\Program Files\iPod\bin\iPodService.exe[3560] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeeecd 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000076e60460
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000076e60450
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000076e60370
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000076e60470
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 0000000076e603e0
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000076e60320
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 0000000076e603b0
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000076e60390
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 0000000076e602e0
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 0000000076e602d0
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d01750 5 bytes JMP 0000000076e60310
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 0000000076e603c0
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 0000000076e603f0
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000076e60230
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000076e60480
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 0000000076e603a0
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 0000000076e602f0
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000076e60350
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000076e60290
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 0000000076e602b0
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 0000000076e603d0
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000076e60330
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000076e60410
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000076e60240
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d020a0 5 bytes JMP 0000000076e601e0
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000076e60250
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000076e60490
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 0000000076e604a0
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000076e60300
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000076e60360
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 0000000076e602a0
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 0000000076e602c0
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000076e60380
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000076e60340
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000076e60440
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000076e60260
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000076e60270
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000076e60400
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 0000000076e601f0
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000076e60210
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000076e60200
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000076e60420
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000076e60430
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000076e60220
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000076e60280
.text C:\Windows\system32\SearchIndexer.exe[3672] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeeecd 1 byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[3868] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeeecd 1 byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3380] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeeecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000171b10460
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000171b10450
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000171b10370
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000171b10470
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 0000000171b103e0
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000171b10320
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 0000000171b103b0
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000171b10390
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 0000000171b102e0
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 0000000171b102d0
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d01750 5 bytes JMP 0000000171b10310
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 0000000171b103c0
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 0000000171b103f0
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000171b10230
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000171b10480
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 0000000171b103a0
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 0000000171b102f0
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000171b10350
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000171b10290
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 0000000171b102b0
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 0000000171b103d0
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000171b10330
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000171b10410
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000171b10240
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d020a0 5 bytes JMP 0000000171b101e0
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000171b10250
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000171b10490
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 0000000171b104a0
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000171b10300
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000171b10360
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 0000000171b102a0
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 0000000171b102c0
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000171b10380
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000171b10340
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000171b10440
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000171b10260
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000171b10270
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000171b10400
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 0000000171b101f0
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000171b10210
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000171b10200
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000171b10420
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000171b10430
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000171b10220
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000171b10280
.text C:\Windows\system32\svchost.exe[3096] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeeecd 1 byte [62]
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000076e60460
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000076e60450
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000076e60370
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000076e60470
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 0000000076e603e0
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000076e60320
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 0000000076e603b0
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000076e60390
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 0000000076e602e0
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 0000000076e602d0
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d01750 5 bytes JMP 0000000076e60310
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 0000000076e603c0
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 0000000076e603f0
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000076e60230
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000076e60480
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 0000000076e603a0
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 0000000076e602f0
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000076e60350
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000076e60290
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 0000000076e602b0
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 0000000076e603d0
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000076e60330
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000076e60410
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000076e60240
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d020a0 5 bytes JMP 0000000076e601e0
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000076e60250
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000076e60490
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 0000000076e604a0
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000076e60300
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000076e60360
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 0000000076e602a0
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 0000000076e602c0
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000076e60380
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000076e60340
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000076e60440
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000076e60260
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000076e60270
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000076e60400
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 0000000076e601f0
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000076e60210
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000076e60200
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000076e60420
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000076e60430
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000076e60220
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000076e60280
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4116] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeeecd 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1940] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007681a2ba 1 byte [62]
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d01360 5 bytes JMP 0000000171b10460
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d013b0 5 bytes JMP 0000000171b10450
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d01510 5 bytes JMP 0000000171b10370
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d01560 5 bytes JMP 0000000171b10470
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d01570 5 bytes JMP 0000000171b103e0
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d01620 5 bytes JMP 0000000171b10320
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d01650 5 bytes JMP 0000000171b103b0
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d01670 5 bytes JMP 0000000171b10390
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d016b0 5 bytes JMP 0000000171b102e0
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d01730 5 bytes JMP 0000000171b102d0
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d01750 5 bytes JMP 0000000171b10310
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d01790 5 bytes JMP 0000000171b103c0
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d017e0 5 bytes JMP 0000000171b103f0
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d01940 5 bytes JMP 0000000171b10230
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d01b00 5 bytes JMP 0000000171b10480
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d01b30 5 bytes JMP 0000000171b103a0
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d01c10 5 bytes JMP 0000000171b102f0
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d01c20 5 bytes JMP 0000000171b10350
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d01c80 5 bytes JMP 0000000171b10290
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d01d10 5 bytes JMP 0000000171b102b0
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d01d30 5 bytes JMP 0000000171b103d0
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d01d40 5 bytes JMP 0000000171b10330
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d01db0 5 bytes JMP 0000000171b10410
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d01de0 5 bytes JMP 0000000171b10240
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d020a0 5 bytes JMP 0000000171b101e0
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d02160 5 bytes JMP 0000000171b10250
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d02190 5 bytes JMP 0000000171b10490
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d021a0 5 bytes JMP 0000000171b104a0
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d021d0 5 bytes JMP 0000000171b10300
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d021e0 5 bytes JMP 0000000171b10360
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d02240 5 bytes JMP 0000000171b102a0
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d02290 5 bytes JMP 0000000171b102c0
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d022c0 5 bytes JMP 0000000171b10380
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d022d0 5 bytes JMP 0000000171b10340
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d025c0 5 bytes JMP 0000000171b10440
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d027c0 5 bytes JMP 0000000171b10260
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d027d0 5 bytes JMP 0000000171b10270
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d027e0 5 bytes JMP 0000000171b10400
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d029a0 5 bytes JMP 0000000171b101f0
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d029b0 5 bytes JMP 0000000171b10210
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d02a20 5 bytes JMP 0000000171b10200
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d02a80 5 bytes JMP 0000000171b10420
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d02a90 5 bytes JMP 0000000171b10430
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d02aa0 5 bytes JMP 0000000171b10220
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d02b80 5 bytes JMP 0000000171b10280
.text C:\Windows\System32\svchost.exe[3144] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeeecd 1 byte [62]
.text C:\Users\Arne\Desktop\Gmer-19357.exe[4152] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007681a2ba 1 byte [62]
.text C:\Users\Arne\Desktop\Gmer-19357.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074e81465 2 bytes [E8, 74]
.text C:\Users\Arne\Desktop\Gmer-19357.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074e814bb 2 bytes [E8, 74]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [852:488] 0000000076987587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [852:2004] 000000006b6d0cb3
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [852:4672] 0000000076ee2e65
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [852:3404] 0000000076ee3e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [852:5260] 0000000076ee3e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [852:6068] 0000000076ee3e85
Thread C:\Windows\System32\svchost.exe [3144:3120] 000007fef0799688
---- Processes - GMER 2.1 ----

Library C:\PROGRA~3\zoomify2\110~1.25\zoomifyl64.dll (*** suspicious ***) @ C:\Windows\system32\Dwm.exe [1848] (COMPANY_NAME)(2014-10-02 08:27:52) 000007fef1260000
Library C:\PROGRA~3\zoomify2\110~1.25\zoomifyl64.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1884] (COMPANY_NAME)(2014-10-02 08:27:52) 000007fef1260000
Library C:\PROGRA~3\zoomify2\110~1.25\zoomifyl32.dll (*** suspicious ***) @ C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe [1488] (COMPANY_NAME)(2014-10-02 08:26:24) 0000000066ec0000
Process C:\PROGRA~3\zoomify2\110~1.25\wzoomifyd.exe (*** suspicious ***) @ C:\PROGRA~3\zoomify2\110~1.25\wzoomifyd.exe [3256] (Zoomify Agent)(2014-10-0 0000000000400000
Process C:\PROGRA~3\zoomify2\110~1.25\zoomify.exe (*** suspicious ***) @ C:\PROGRA~3\zoomify2\110~1.25\zoomify.exe [3284] (Zoomify Agent)(2014-10-02 08:27: 0000000001080000
Library C:\PROGRA~3\zoomify2\110~1.25\zoomifyutil32.dll (*** suspicious ***) @ C:\PROGRA~3\zoomify2\110~1.25\zoomify.exe [3284] (Zoomify Agent)(2014- 0000000072700000
Process C:\PROGRA~3\zoomify2\110~1.25\zoomifyD32.exe (*** suspicious ***) @ C:\PROGRA~3\zoomify2\110~1.25\zoomifyD32.exe [4280] (Zoomify Agent)(2014- 0000000000220000
Library C:\PROGRA~3\zoomify2\110~1.25\zoomifyutil32.dll (*** suspicious ***) @ C:\PROGRA~3\zoomify2\110~1.25\zoomifyD32.exe [4280] (Zoomify Agent) 0000000072700000
Library C:\PROGRA~3\zoomify2\110~1.25\zoomifyl32.dll (*** suspicious ***) @ C:\PROGRA~3\zoomify2\110~1.25\zoomifyD32.exe [4280] (COMPANY_NAME)(2014-1 0000000066ec0000
Process C:\PROGRA~3\zoomify2\110~1.25\zoomifyL64.exe (*** suspicious ***) @ C:\PROGRA~3\zoomify2\110~1.25\zoomifyL64.exe [4552] (Zoomify Agent)(2014- 000000013f2d0000
Library C:\PROGRA~3\zoomify2\110~1.25\zoomifyl64.dll (*** suspicious ***) @ C:\PROGRA~3\zoomify2\110~1.25\zoomifyL64.exe [4552] (COMPANY_NAME)(2014-1 000007fef1260000
Process C:\PROGRA~3\zoomify2\110~1.25\zoomifyL32.exe (*** suspicious ***) @ C:\PROGRA~3\zoomify2\110~1.25\zoomifyL32.exe [4692] (Zoomify Agent)(2014- 00000000011e0000
Library C:\PROGRA~3\zoomify2\110~1.25\zoomifyl32.dll (*** suspicious ***) @ C:\PROGRA~3\zoomify2\110~1.25\zoomifyL32.exe [4692] (COMPANY_NAME)(2014-1 0000000066ec0000
Library C:\PROGRA~3\zoomify2\110~1.25\zoomifyl32.dll (*** suspicious ***) @ C:\Users\Arne\Desktop\Gmer-19357.exe [4152] (COMPANY_NAME)(2014-10-02 08:26:24) 0000000066ec0000

---- EOF - GMER 2.1 ----

schrauber · 08.10.2014, 11:15

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Napo33 · 08.10.2014, 12:44

Combofix Logfile:

Code:

ATTFilter

ComboFix 14-10-04.01 - Arne 08.10.2014  13:25:28.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.4091.2729 [GMT 2:00]
ausgeführt von:: c:\users\Arne\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-09-08 bis 2014-10-08  ))))))))))))))))))))))))))))))
.
.
2014-10-08 11:32 . 2014-10-08 11:32	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-10-08 11:32 . 2014-10-08 11:32	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-10-08 11:28 . 2014-10-08 11:28	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5370CB4F-130A-42C3-8D18-040336882DC4}\offreg.dll
2014-10-07 09:53 . 2014-10-07 09:56	--------	d-----w-	C:\FRST
2014-10-07 00:03 . 2014-10-07 00:03	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2014-10-06 23:54 . 2014-09-15 00:08	11578928	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5370CB4F-130A-42C3-8D18-040336882DC4}\mpengine.dll
2014-10-06 21:09 . 2014-10-06 22:58	--------	d-----w-	C:\AdwCleaner
2014-10-06 20:14 . 2014-10-06 20:14	--------	d-----w-	c:\users\Arne\AppData\Roaming\Abelssoft
2014-10-06 20:14 . 2014-10-06 20:14	--------	d-----w-	c:\programdata\XDMessagingv4
2014-10-06 20:14 . 2014-10-06 20:14	--------	d-----w-	c:\users\Arne\AppData\Local\Abelssoft
2014-10-06 20:04 . 2011-05-13 10:16	493056	----a-w-	c:\windows\SysWow64\dhRichClient3.dll
2014-10-06 20:04 . 2011-03-25 18:42	338432	----a-w-	c:\windows\SysWow64\sqlite36_engine.dll
2014-10-06 20:04 . 2014-10-06 20:04	--------	d-----w-	c:\users\Arne\AppData\Roaming\DesktopIconGoodgame
2014-10-06 17:42 . 2014-10-06 23:24	--------	d-----w-	c:\users\Arne\AppData\Roaming\eCyber
2014-10-06 17:41 . 2014-09-22 12:13	49320	----a-w-	c:\windows\system32\drivers\iSafeNetFilter.sys
2014-10-06 17:41 . 2014-09-30 10:18	45224	----a-w-	c:\windows\system32\drivers\iSafeKrnlBoot.sys
2014-10-06 17:41 . 2014-10-06 17:41	--------	d-----w-	c:\program files (x86)\Elex-tech
2014-10-06 17:41 . 2014-10-06 17:41	--------	d-----w-	c:\users\Arne\AppData\Roaming\Elex-tech
2014-10-06 14:09 . 2014-10-06 14:09	--------	d-----w-	c:\programdata\Malwarebytes
2014-10-06 13:49 . 2014-10-06 23:24	--------	d-----w-	c:\windows\system32\log
2014-10-06 13:16 . 2014-10-06 13:16	--------	d-----w-	c:\program files\Enigma Software Group
2014-10-06 13:15 . 2014-10-06 13:58	--------	d-----w-	c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-10-06 13:15 . 2014-10-06 13:15	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2014-10-06 13:01 . 2010-08-30 06:34	536576	----a-w-	c:\windows\SysWow64\sqlite3.dll
2014-10-06 09:13 . 2014-10-06 09:13	--------	d-----w-	c:\programdata\zoomify2
2014-10-05 22:46 . 2014-10-05 22:46	1544600	----a-w-	c:\users\Arne\AppData\Roaming\KZXMT.exe
2014-10-05 22:46 . 2014-10-05 22:46	2015640	----a-w-	c:\users\Arne\AppData\Roaming\NMBDOU.exe
2014-09-27 19:39 . 2014-09-27 19:39	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2014-09-27 19:36 . 2014-10-06 23:24	--------	d-----w-	c:\users\Arne\AppData\Roaming\InetStat
2014-09-16 09:23 . 2014-09-16 09:24	--------	d-----r-	c:\program files (x86)\Skype
2014-09-16 09:23 . 2014-09-16 09:23	--------	d-----w-	c:\program files (x86)\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-24 09:26 . 2014-01-07 18:39	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 09:26 . 2014-01-07 18:39	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-15 07:06 . 2014-01-05 16:56	278152	------w-	c:\windows\system32\MpSigStub.exe
2014-08-21 13:58 . 2014-08-21 13:58	0	---ha-w-	c:\users\Arne\AppData\Local\BIT267B.tmp
2014-08-06 14:56 . 2014-01-06 15:26	427360	----a-w-	c:\windows\system32\drivers\aswsp.sys
2014-08-06 14:55 . 2014-08-06 14:56	29208	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-08-06 14:55 . 2014-01-06 15:27	92008	----a-w-	c:\windows\system32\drivers\aswstm.sys
2014-08-06 14:55 . 2014-01-06 15:27	224896	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-08-06 14:55 . 2014-01-06 15:26	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-08-06 14:55 . 2014-01-06 15:26	1041168	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2014-08-06 14:55 . 2014-01-06 15:26	79184	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-08-06 14:55 . 2014-01-06 15:26	307344	----a-w-	c:\windows\system32\aswBoot.exe
2014-08-06 14:55 . 2014-01-06 15:26	93568	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-08-06 14:55 . 2014-08-06 14:55	43152	----a-w-	c:\windows\avastSS.scr
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-06 4085896]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0sdnclean64.exe
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 iSafeKrnlBoot;YAC Boot Driver;c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys;c:\windows\SYSNATIVE\DRIVERS\iSafeKrnlBoot.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 iSafeKrnl;YAC Mini-Filter Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnl.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnl.sys [x]
S1 iSafeKrnlKit;YAC Kit Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [x]
S1 iSafeKrnlR3;YAC Ring3 Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [x]
S1 iSafeNetFilter;YAC NDIS Driver;c:\windows\system32\DRIVERS\iSafeNetFilter.sys;c:\windows\SYSNATIVE\DRIVERS\iSafeNetFilter.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 iSafeService;YAC Service;c:\program files (x86)\Elex-tech\YAC\iSafeSvc.exe;c:\program files (x86)\Elex-tech\YAC\iSafeSvc.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 wzoomifyd;wzoomifyd;c:\progra~3\zoomify2\110~1.25\wzoomifyd.exe;c:\progra~3\zoomify2\110~1.25\wzoomifyd.exe [x]
S2 zoomify;zoomify;c:\progra~3\zoomify2\110~1.25\zoomify.exe;c:\progra~3\zoomify2\110~1.25\zoomify.exe [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-25 07:51	1096520	----a-w-	c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-07 09:26]
.
2014-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-04 22:31]
.
2014-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-04 22:31]
.
2014-10-08 c:\windows\Tasks\KZXMT.job
- c:\users\Arne\AppData\Roaming\KZXMT.exe [2014-10-05 22:46]
.
2014-10-08 c:\windows\Tasks\NMBDOU.job
- c:\users\Arne\AppData\Roaming\NMBDOU.exe [2014-10-05 22:46]
.
2014-10-08 c:\windows\Tasks\Tempo Runner wzoomifyd.job
- c:\progra~3\zoomify2\110~1.25\wzoomifyd.exe [2014-10-02 08:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-06 14:55	634872	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
mSearch Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 217.0.43.193 217.0.43.1
FF - ProfilePath - c:\users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\df3df6ur.default-1412603674226\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-10-08  13:38:57
ComboFix-quarantined-files.txt  2014-10-08 11:38
.
Vor Suchlauf: 9 Verzeichnis(se), 111.672.262.656 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 112.826.531.840 Bytes frei
.
- - End Of File - - AC03D2F3A4E26D984F85AF94906E204B

--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

Hi,

ich hoffe es ist das was benötigt wird?!

Gruss

schrauber · 09.10.2014, 10:14

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Napo33 · 09.10.2014, 11:14

Moin Moin,

schon mal vielen Dank. Es haben sich schon erste Erfolge eingestellt, die unterstrichenen Wörter, die Dauerwerbung auf jeder Webseite so die neuen Taps sind bereits verschwunden. Auch läuft die Kiste wieder schneller!AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v3.311 - Bericht erstellt am 06/10/2014 um 23:11:40
# Aktualisiert 30/09/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Arne - ARNE-PC
# Gestartet von : C:\Users\Arne\Downloads\adwcleaner_3.311.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Arne\AppData\Local\Temp\iSafeRightKeyScan
Ordner Gelöscht : C:\Users\Arne\AppData\Roaming\eCyber
Ordner Gelöscht : C:\Users\Arne\AppData\Roaming\FirefoxToolbar
Ordner Gelöscht : C:\Users\Arne\AppData\Roaming\InetStat
Datei Gelöscht : C:\Windows\System32\drivers\iSafeKrnlBoot.sys
Datei Gelöscht : C:\Windows\System32\log\iSafeKrnlCall.log
Datei Gelöscht : C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Datei Gelöscht : C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage
Datei Gelöscht : C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage-journal

***** [ Tasks ] *****

Task Gelöscht : LaunchSignup
Task Gelöscht : RocketTab Update Task
Task Gelöscht : RocketTab

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{5411D116-5A37-47D4-B154-5F7FCD9062F0}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}
Schlüssel Gelöscht : HKCU\Software\clicup
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\RocketTabInstalled
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\MyBestOffersToday
Schlüssel Gelöscht : HKLM\SOFTWARE\RocketTab
Schlüssel Gelöscht : HKLM\SOFTWARE\SmdmF
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v32.0.3 (x86 de)

[ Datei : C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\df3df6ur.default-1412603674226\prefs.js ]


-\\ Google Chrome v37.0.2062.124

[ Datei : C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9350 octets] - [06/10/2014 23:10:03]
AdwCleaner[S0].txt - [8540 octets] - [06/10/2014 23:11:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8600 octets] ##########

--- --- ---
AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v3.311 - Bericht erstellt am 09/10/2014 um 11:55:25
# Aktualisiert 30/09/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Arne - ARNE-PC
# Gestartet von : C:\Users\Arne\Downloads\AdwCleaner_3.311.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Arne\AppData\Roaming\eCyber
Ordner Gelöscht : C:\Users\Arne\AppData\Roaming\InetStat
Datei Gelöscht : C:\Windows\System32\drivers\iSafeKrnlBoot.sys
Datei Gelöscht : C:\Windows\System32\log\iSafeKrnlCall.log
Datei Gelöscht : C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Tasks ] *****

Task Gelöscht : LaunchSignup
Task Gelöscht : RocketTab Update Task
Task Gelöscht : RocketTab

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{5411D116-5A37-47D4-B154-5F7FCD9062F0}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Schlüssel Gelöscht : HKCU\Software\clicup
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v32.0.3 (x86 de)

[ Datei : C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\df3df6ur.default-1412603674226\prefs.js ]


-\\ Google Chrome v37.0.2062.124

[ Datei : C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [17621 octets] - [06/10/2014 23:10:03]
AdwCleaner[R1].txt - [1905 octets] - [07/10/2014 00:40:32]
AdwCleaner[R2].txt - [1940 octets] - [07/10/2014 00:57:14]
AdwCleaner[S0].txt - [16357 octets] - [06/10/2014 23:11:40]
AdwCleaner[S1].txt - [1775 octets] - [07/10/2014 00:42:58]
AdwCleaner[S2].txt - [1810 octets] - [07/10/2014 00:58:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16538 octets] ##########

--- --- ---
Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Suchlauf Datum: 09.10.2014
Suchlauf-Zeit: 11:30:04
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.10.09.04
Rootkit Datenbank: v2014.10.08.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Arne

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 359534
Verstrichene Zeit: 13 Min, 39 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 11
PUP.Optional.Snapdo.T, HKU\S-1-5-21-856369245-1405169768-1277596959-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [01a71cf6a3d923133efad7fef01237c9],
PUP.Optional.DefaultSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}, Löschen bei Neustart, [24842ee46d0ffe38d7279dfba0624cb4],
PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MYBESTOFFERSTODAY, In Quarantäne, [5157848e7ffd0e281ec402176f9423dd],
PUP.Optional.RocketTab.A, HKLM\SOFTWARE\WOW6432NODE\RocketTab, In Quarantäne, [acfc64ae3d3f1026826a0e07b05319e7],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SmdmF, In Quarantäne, [7a2e1bf74b3136006bc62eec26dda65a],
PUP.Optional.Zoomify.A, HKLM\SOFTWARE\WOW6432NODE\zoomify, In Quarantäne, [24843ed4c1bbb4821051030e9172e61a],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, In Quarantäne, [50586ca6a8d44de923a6db45d42f21df],
PUP.Optional.Zoomify.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wzoomifyd, In Quarantäne, [9216769c93e9e94dafb030e1847f9e62],
PUP.Optional.Zoomify.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\zoomify, In Quarantäne, [cddb30e2e29ad85ec19fe22f897afd03],
PUP.Optional.CrossRider.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HD-Quality-v3V05.10, In Quarantäne, [e6c2fa186d0fea4cc8051ff3768d758b],
PUP.Optional.RocketTab.A, HKU\S-1-5-21-856369245-1405169768-1277596959-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\RocketTabInstalled, In Quarantäne, [edbbf02255273ef8935ba273df240af6],

Registrierungswerte: 3
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, In Quarantäne, [50586ca6a8d44de923a6db45d42f21df]
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|quick_start@gmail.com, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\s2k9j764.default\extensions\quick_start@gmail.com, In Quarantäne, [62463fd380fc5dd96617291346bdfa06]
PUP.Optional.QuickStart.A, HKU\S-1-5-21-856369245-1405169768-1277596959-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, quick_start@gmail.com, In Quarantäne, [aafe6ba777052115782e73b3a360b050]

Registrierungsdaten: 1
PUP.Optional.SnapDo.A, HKU\S-1-5-21-856369245-1405169768-1277596959-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaklm31XHoHPezyxuXcoLyh8uf9z36AtrHb4-NUwcB-250bU1K4xXyleDmwEyhBSBo3ArDiGT3qRktIHmaJaVLnxYQGkJ6NUh2SjzfBaTmy_UHxzwW5EdaI39VIOF4iplM4LcLJcaCxgsILTtzWynYe7FDRP8Hscat77fd0zyadcr0UWCgS_r3LGwQ,,&q={s earchTerms}, Gut: (Google), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaklm31XHoHPezyxuXcoLyh8uf9z36AtrHb4-NUwcB-250bU1K4xXyleDmwEyhBSBo3ArDiGT3qRktIHmaJaVLnxYQGkJ6NUh2SjzfBaTmy_UHxzwW5EdaI39VIOF4iplM4LcLJcaCxgsILTtzWynYe7FDRP8Hscat77fd0zyadcr0UWCgS_r3LGwQ,,&q={s earchTerms}),Ersetzt,[5a4ece44ee8e0f27f38bbb5358adec14]

Ordner: 3
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2, Löschen bei Neustart, [189065ad304c0d298f89987751b22cd4],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.25, Löschen bei Neustart, [189065ad304c0d298f89987751b22cd4],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.25\content, In Quarantäne, [189065ad304c0d298f89987751b22cd4],

Dateien: 26
PUP.Optional.HDQuality.A, C:\Users\Arne\AppData\Roaming\KZXMT.exe, In Quarantäne, [dcccdc369ededd598f8731937f8234cc],
PUP.Optional.HDQuality.A, C:\Users\Arne\AppData\Roaming\NMBDOU.exe, In Quarantäne, [4d5be42e3448ce68aa6cdde717ead42c],
PUP.Optional.Amonetize, C:\Users\Arne\Downloads\czech.hunter.4.full.episode.free__6629_i1342853153_il32438.exe, In Quarantäne, [fdab070b1369f73f947a5565e51cf60a],
PUP.Optional.DomaIQ, C:\Users\Arne\Downloads\Setup(2).exe, In Quarantäne, [f1b78191a6d6fe38a0071b224ab69a66],
PUP.Optional.OutBrowse, C:\Users\Arne\Downloads\Update_Mozilla_Firefox.exe, In Quarantäne, [dace4dc52b510630e99fb80d3cc525db],
PUP.Optional.Somoto.A, C:\Users\Arne\Downloads\FLVPlayerSetup-Na2IXsKeB.exe, In Quarantäne, [3c6cb260215bf34331ec513fd92b27d9],
PUP.Optional.Verti, C:\Users\Arne\Downloads\MediaPlayerClassic.exe, In Quarantäne, [adfb45cd0c70ce6856980ce4f50fe31d],
PUP.Optional.RocketTab.A, C:\Windows\System32\Tasks\RocketTab, In Quarantäne, [11977d9505771d1914dcf52042c1639d],
PUP.Optional.RocketTab.A, C:\Windows\System32\Tasks\RocketTab Update Task, In Quarantäne, [6741d53da9d359ddf6fa0312847fe31d],
PUP.Optional.Trovi.A, C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.trovi.com_0.localstorage, In Quarantäne, [deca030f36465dd95eb663cc5da635cb],
PUP.Optional.Trovi.A, C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.trovi.com_0.localstorage-journal, In Quarantäne, [edbbc44e80fc43f344d0f43bee15728e],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.25\wzoomifyd.exe, Löschen bei Neustart, [9216769c93e9e94dafb030e1847f9e62],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.25\zoomify.exe, Löschen bei Neustart, [cddb30e2e29ad85ec19fe22f897afd03],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.25\logo.ico, In Quarantäne, [189065ad304c0d298f89987751b22cd4],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.25\Uninstaller.exe, In Quarantäne, [189065ad304c0d298f89987751b22cd4],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.25\zoomifyD32.exe, Löschen bei Neustart, [189065ad304c0d298f89987751b22cd4],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.25\zoomifyL32.dll, Löschen bei Neustart, [189065ad304c0d298f89987751b22cd4],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.25\zoomifyL32.exe, Löschen bei Neustart, [189065ad304c0d298f89987751b22cd4],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.25\zoomifyL64.dll, Löschen bei Neustart, [189065ad304c0d298f89987751b22cd4],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.25\zoomifyL64.exe, Löschen bei Neustart, [189065ad304c0d298f89987751b22cd4],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.25\zoomifyutil32.dll, Löschen bei Neustart, [189065ad304c0d298f89987751b22cd4],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.25\content\dgapi.js, In Quarantäne, [189065ad304c0d298f89987751b22cd4],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.25\content\dgmain_app_bg.js, In Quarantäne, [189065ad304c0d298f89987751b22cd4],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.25\content\dgmain_app_cs.js, In Quarantäne, [189065ad304c0d298f89987751b22cd4],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.25\content\jquery4toolbar.js, In Quarantäne, [189065ad304c0d298f89987751b22cd4],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.25\content\witmain.js, In Quarantäne, [189065ad304c0d298f89987751b22cd4],

Physische Sektoren: 0
(No malicious items detected)

(end)JRT Logfile:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 7 Ultimate x64
Ran by Arne on 09.10.2014 at 12:00:45,24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] isafekrnl 
Failed to stop: [Service] isafeservice 



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Arne\AppData\Roaming\mozilla\firefox\profiles\df3df6ur.default-1412603674226\minidumps [11 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.10.2014 at 12:08:09,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- --- ---
FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Arne (administrator) on ARNE-PC on 09-10-2014 12:10:03
Running from C:\Users\Arne\Desktop
Loaded Profiles: Arne & UpdatusUser (Available profiles: Arne & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-06] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-856369245-1405169768-1277596959-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2A55E714350ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 217.0.43.193 217.0.43.1

FireFox:
========
FF ProfilePath: C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\df3df6ur.default-1412603674226
FF NewTab: hxxp://www.google.com
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-06]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR RestoreOnStartup: Default -> "hxxp://www.google.com"
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchKeyword: Default -> Google
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-04]
CHR Extension: (Google Drive) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-16]
CHR Extension: (YouTube) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-04]
CHR Extension: (Google-Suche) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-04]
CHR Extension: (avast! Online Security) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-05]
CHR Extension: (Skype Click to Call) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-16]
CHR Extension: (Google Wallet) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-04]
CHR Extension: (Google Mail) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2014-09-30] (Elex do Brasil Participações Ltda)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-06] ()
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [248488 2014-09-30] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-09-30] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65704 2014-09-30] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [49320 2014-09-22] (Elex do Brasil Participações Ltda)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-09 12:08 - 2014-10-09 12:08 - 00000846 _____ () C:\Users\Arne\Desktop\JRT.txt
2014-10-09 12:00 - 2014-10-09 12:00 - 00000000 ____D () C:\Windows\ERUNT
2014-10-09 11:58 - 2014-10-09 11:58 - 01705755 _____ (Thisisu) C:\Users\Arne\Downloads\JRT.exe
2014-10-09 11:56 - 2014-10-09 11:56 - 00016631 _____ () C:\Users\Arne\Desktop\AdwCleaner[S0].txt
2014-10-09 11:52 - 2014-10-09 11:52 - 01375089 _____ () C:\Users\Arne\Downloads\AdwCleaner_3.311.exe
2014-10-09 11:51 - 2014-10-09 11:51 - 00007930 _____ () C:\Users\Arne\Desktop\mbam.txt
2014-10-09 11:44 - 2014-10-09 11:45 - 00000298 _____ () C:\Windows\Tasks\Tempo Runner zoomifyL32.job
2014-10-09 11:44 - 2014-10-09 11:44 - 00002736 _____ () C:\Windows\System32\Tasks\Tempo Runner zoomifyL32
2014-10-09 11:44 - 2014-10-09 11:44 - 00000298 _____ () C:\Windows\Tasks\Tempo Runner zoomifyL64.job
2014-10-09 11:44 - 2014-10-09 11:44 - 00000298 _____ () C:\Windows\Tasks\Tempo Runner zoomifyD32.job
2014-10-09 11:28 - 2014-10-09 11:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-09 11:28 - 2014-10-09 11:28 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-09 11:28 - 2014-10-09 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-09 11:28 - 2014-10-09 11:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-09 11:28 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-09 11:28 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-09 11:28 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-09 11:25 - 2014-10-09 11:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Arne\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-10-08 13:40 - 2014-10-08 13:40 - 00018664 _____ () C:\Users\Arne\Desktop\ComboFix.txt
2014-10-08 13:38 - 2014-10-08 13:38 - 00018664 _____ () C:\ComboFix.txt
2014-10-08 13:22 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-08 13:22 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-08 13:22 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-08 13:22 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-08 13:22 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-08 13:22 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-08 13:22 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-08 13:22 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-08 13:18 - 2014-10-08 13:39 - 00000000 ____D () C:\Qoobox
2014-10-08 13:18 - 2014-10-08 13:34 - 00000000 ____D () C:\Windows\erdnt
2014-10-08 13:13 - 2014-10-08 13:14 - 05582481 ____R (Swearware) C:\Users\Arne\Desktop\ComboFix.exe
2014-10-08 12:27 - 2014-10-08 12:27 - 00002268 _____ () C:\Windows\System32\Tasks\Tempo Runner wzoomifyd
2014-10-08 12:27 - 2014-10-08 12:27 - 00000196 _____ () C:\Windows\Tasks\Tempo Runner wzoomifyd.job
2014-10-07 12:12 - 2014-10-07 12:12 - 00314227 _____ () C:\Users\Arne\Desktop\Gmer.txt
2014-10-07 12:03 - 2014-10-07 12:03 - 00380416 _____ () C:\Users\Arne\Desktop\Gmer-19357.exe
2014-10-07 12:01 - 2014-10-07 12:01 - 00000470 _____ () C:\Users\Arne\Desktop\defogger_disable.log
2014-10-07 11:54 - 2014-10-07 11:56 - 00021543 _____ () C:\Users\Arne\Desktop\Addition.txt
2014-10-07 11:53 - 2014-10-09 12:10 - 00013954 _____ () C:\Users\Arne\Desktop\FRST.txt
2014-10-07 11:53 - 2014-10-09 12:10 - 00000000 ____D () C:\FRST
2014-10-07 11:51 - 2014-10-07 11:52 - 02109952 _____ (Farbar) C:\Users\Arne\Desktop\FRST64.exe
2014-10-07 11:50 - 2014-10-07 11:51 - 01101312 _____ (Farbar) C:\Users\Arne\Desktop\FRST.exe
2014-10-07 11:49 - 2014-10-07 11:49 - 00000470 _____ () C:\Windows\SysWOW64\defogger_disable.log
2014-10-07 11:49 - 2014-10-07 11:49 - 00000000 _____ () C:\Users\Arne\defogger_reenable
2014-10-07 11:46 - 2014-10-07 11:46 - 00050477 _____ () C:\Users\Arne\Desktop\Defogger.exe
2014-10-07 02:03 - 2014-10-07 02:03 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-07 02:03 - 2014-10-07 02:03 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-07 02:03 - 2014-10-07 02:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-07 02:00 - 2014-10-07 02:00 - 00244408 _____ () C:\Users\Arne\Downloads\Firefox Setup Stub 32.0.3 (1).exe
2014-10-06 23:09 - 2014-10-09 11:55 - 00000000 ____D () C:\AdwCleaner
2014-10-06 22:14 - 2014-10-06 22:17 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-10-06 22:14 - 2014-10-06 22:14 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\Abelssoft
2014-10-06 22:14 - 2014-10-06 22:14 - 00000000 ____D () C:\Users\Arne\AppData\Local\Abelssoft
2014-10-06 22:14 - 2014-10-06 22:14 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-10-06 22:12 - 2014-10-06 22:13 - 01589182 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-06 22:04 - 2014-10-06 22:04 - 00001452 _____ () C:\Users\Arne\Desktop\Goodgame Empire.lnk
2014-10-06 22:04 - 2014-10-06 22:04 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\DesktopIconGoodgame
2014-10-06 22:04 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-10-06 22:04 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-10-06 22:03 - 2014-10-06 22:03 - 01101648 _____ () C:\Users\Arne\Downloads\HijackThis - CHIP-Installer.exe
2014-10-06 21:01 - 2014-10-09 11:56 - 00001904 _____ () C:\Windows\setupact.log
2014-10-06 21:01 - 2014-10-06 21:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-06 21:00 - 2014-10-09 11:56 - 00014056 _____ () C:\Windows\PFRO.log
2014-10-06 19:41 - 2014-10-07 01:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2014-10-06 19:41 - 2014-10-06 19:41 - 00001902 _____ () C:\Users\Public\Desktop\YAC.lnk
2014-10-06 19:41 - 2014-10-06 19:41 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\Elex-tech
2014-10-06 19:41 - 2014-10-06 19:41 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2014-10-06 19:41 - 2014-09-22 14:13 - 00049320 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2014-10-06 16:09 - 2014-10-06 16:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-06 16:07 - 2014-10-06 16:09 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Arne\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-06 15:49 - 2014-10-09 11:55 - 00000000 ____D () C:\Windows\system32\log
2014-10-06 15:18 - 2014-10-06 15:18 - 00000000 _____ () C:\autoexec.bat
2014-10-06 15:16 - 2014-10-06 15:16 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-06 15:15 - 2014-10-06 15:58 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-10-06 15:01 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-06 14:43 - 2014-10-06 15:54 - 00000000 ____D () C:\Users\Arne\Desktop\Alte Firefox-Daten
2014-10-06 11:55 - 2014-10-06 11:55 - 00000099 _____ () C:\Windows\Reimage.ini
2014-10-06 11:42 - 2014-10-06 11:42 - 00244408 _____ () C:\Users\Arne\Downloads\Firefox Setup Stub 32.0.3.exe
2014-10-06 00:46 - 2014-10-09 12:11 - 00001332 _____ () C:\Windows\Tasks\KZXMT.job
2014-10-06 00:46 - 2014-10-09 11:56 - 00001334 _____ () C:\Windows\Tasks\NMBDOU.job
2014-10-06 00:46 - 2014-10-06 00:46 - 00004356 _____ () C:\Windows\System32\Tasks\NMBDOU
2014-10-06 00:46 - 2014-10-06 00:46 - 00004354 _____ () C:\Windows\System32\Tasks\KZXMT
2014-10-06 00:40 - 2014-10-06 00:40 - 00256848 _____ () C:\Users\Arne\Downloads\TinyPlayerInstaller.exe
2014-09-27 21:39 - 2014-09-27 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-27 21:39 - 2014-09-27 21:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-24 22:33 - 2014-10-07 02:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-16 11:23 - 2014-09-16 11:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-16 11:23 - 2014-09-16 11:23 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-16 11:23 - 2014-09-16 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-16 11:20 - 2014-09-16 11:20 - 01678440 _____ (Skype Technologies S.A.) C:\Users\Arne\Downloads\SkypeSetup(2).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-09 12:06 - 2014-01-06 17:27 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-09 12:04 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-09 12:04 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-09 11:56 - 2014-06-05 00:31 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-09 11:56 - 2014-01-05 19:54 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-09 11:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-09 11:55 - 2014-01-05 01:14 - 01578768 _____ () C:\Windows\WindowsUpdate.log
2014-10-09 11:49 - 2014-06-05 00:31 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-09 11:26 - 2014-01-07 20:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-09 11:16 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-08 13:33 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-07 11:49 - 2014-01-05 01:18 - 00000000 ____D () C:\Users\Arne
2014-10-07 01:24 - 2014-01-06 19:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-07 01:24 - 2014-01-06 19:38 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-07 01:24 - 2014-01-06 17:58 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\FreeCommander
2014-10-07 01:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-10-06 22:42 - 2009-07-14 06:45 - 00417872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-06 22:17 - 2014-01-05 18:38 - 00111336 _____ () C:\Users\Arne\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-06 22:13 - 2009-07-14 19:58 - 00696370 _____ () C:\Windows\system32\perfh007.dat
2014-10-06 22:13 - 2009-07-14 19:58 - 00147634 _____ () C:\Windows\system32\perfc007.dat
2014-10-06 22:13 - 2009-07-14 07:13 - 01589182 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-06 21:00 - 2014-06-05 00:32 - 00000000 ____D () C:\Program Files\Google
2014-10-06 21:00 - 2014-02-04 20:01 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-06 20:57 - 2014-01-05 01:10 - 00000000 ____D () C:\Windows\Panther
2014-10-06 19:45 - 2014-02-04 20:01 - 00000000 ____D () C:\Users\Arne\AppData\Local\Google
2014-10-06 16:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-10-06 15:49 - 2014-06-05 00:33 - 00002233 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-06 14:05 - 2014-01-06 18:42 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-06 11:30 - 2014-01-05 18:28 - 00000000 ____D () C:\Windows\Minidump
2014-09-28 19:50 - 2014-04-14 10:29 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\Skype
2014-09-27 22:10 - 2014-04-14 10:58 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-24 15:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-24 11:26 - 2014-01-07 20:39 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 11:26 - 2014-01-07 20:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 11:26 - 2014-01-07 20:39 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-19 17:20 - 2014-01-06 19:16 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-16 11:23 - 2014-04-14 10:29 - 00000000 ____D () C:\ProgramData\Skype
2014-09-15 09:06 - 2014-01-05 18:56 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-10 10:39 - 2014-08-29 20:06 - 00075570 _____ () C:\Users\Arne\Desktop\l57w45yw.bmp

Some content of TEMP:
====================
C:\Users\Arne\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-27 13:03

==================== End Of Log ============================

--- --- ---

schrauber · 09.10.2014, 19:59

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Napo33 · 10.10.2014, 12:28

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=696c231f46935a46acbbf2f392256d14
# engine=20532
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-10 11:14:39
# local_time=2014-10-10 01:14:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 90 389866 23921275 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 170951 164569529 0 0
# scanned=178968
# found=28
# cleaned=0
# scan_time=6168
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Arne\AppData\Roaming\KZXMT"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Arne\AppData\Roaming\NMBDOU"
sh=63C3BEB91F90F464E78DBF5F4410FAC0610DC275 ft=1 fh=0db8354eb1258fa4 vn="Variante von Win32/Verti.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Arne\Downloads\TinyPlayerInstaller.exe"
sh=D27161080F7B2BC2B5E03B915BC16BC4E17BE5AF ft=1 fh=0036f0974d4feb3d vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Arne\Downloads\trz2BF3.tmp"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="D:\alte_platte_C_2014\AppData\Local\Conduit\CT3031778\SFT_de3AutoUpdateHelper.exe"
sh=3803074FE242DCDB843A75F6A057AC1650AA5623 ft=1 fh=b98be267fa595ad1 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\alte_platte_C_2014\AppData\LocalLow\ConduitEngine\ConduitEngin.dll"
sh=37E166E756A9AB25AF72B1B3281B9BC189818A47 ft=1 fh=a195dc62459b977b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="D:\alte_platte_C_2014\AppData\LocalLow\ConduitEngine\ldrConduitEngin.dll"
sh=37E166E756A9AB25AF72B1B3281B9BC189818A47 ft=1 fh=a195dc62459b977b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="D:\alte_platte_C_2014\AppData\LocalLow\SFT_de3\ldrtbSFT_.dll"
sh=3803074FE242DCDB843A75F6A057AC1650AA5623 ft=1 fh=b98be267fa595ad1 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\alte_platte_C_2014\AppData\LocalLow\SFT_de3\tbSFT_.dll"
sh=FF58643464A06A17B4FE7BC20EF077A4A63CA6D0 ft=1 fh=3ed4f76e1eec9c5a vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="D:\alte_platte_C_2014\AppData\Roaming\Mozilla\Firefox\Profiles\nsifqfxv.default\extensions\toolbar@ask.com\plugins\npAviraCallingID.dll"
sh=EB4743944995A18BEB3FB34AE99AA7FCFF0B6982 ft=1 fh=5d41c12eaf2b4b0d vn="Variante von Win32/DomaIQ.AN evtl. unerwünschte Anwendung" ac=I fn="D:\alte_platte_C_2014\Downloads\setup player.exe"
sh=AD0A3C863C4C1C8A89BA608C09641E6D6577B4C4 ft=1 fh=81f1eef43efab2d1 vn="Variante von Win32/Bundlore.B evtl. unerwünschte Anwendung" ac=I fn="D:\alte_platte_C_2014\Downloads\setup.exe"
sh=265A7FB8A5040ED34A4EAC850EFBC552AA00ED33 ft=1 fh=848d7299ba17e799 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="D:\alte_platte_D_2014\Program Files (x86)\Ask.com\AviraBrowserSecurity.exe"
sh=42C894591A3B80C428BCFF682557DC35E30538DA ft=1 fh=c187413b38fccc64 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="D:\alte_platte_D_2014\Program Files (x86)\Ask.com\AviraCallingIDhelper.dll"
sh=441CA4F8BCC91C38129B9B3D00D3B9DD934A7B78 ft=1 fh=7a34b03f9074fe72 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="D:\alte_platte_D_2014\Program Files (x86)\Ask.com\GenericAskToolbar.dll"
sh=1B1593688B0B4D69E943E15CA143444B7325C691 ft=1 fh=6272ea900fd9b86d vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="D:\alte_platte_D_2014\Program Files (x86)\Ask.com\precache.exe"
sh=5C3130B2550021868AD007877043D304C525AB11 ft=1 fh=33092ccccfa2de45 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="D:\alte_platte_D_2014\Program Files (x86)\Ask.com\SaUpdate.exe"
sh=7CA12F77F77B5A6A43A9AC9C1F399847F09508D7 ft=1 fh=eb0854eca8537d9d vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="D:\alte_platte_D_2014\Program Files (x86)\Ask.com\UpdateTask.exe"
sh=935FE2F938CBE6F835A0A99D82309E50807511F7 ft=1 fh=69794c8bfd127010 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="D:\alte_platte_D_2014\Program Files (x86)\Ask.com\Updater\Updater.exe"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="D:\alte_platte_D_2014\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll"
sh=FFA8B6510D624A55F3EB7FFD6D5221A44944681C ft=1 fh=3386eb0d6ed0e5e1 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="D:\alte_platte_D_2014\Program Files (x86)\Avira\AntiVir Desktop\apnstub.exe"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="D:\alte_platte_D_2014\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="D:\alte_platte_D_2014\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=1670BA69124E9B584AE4D068E6770DF33A97ED0A ft=1 fh=445bf9fd42033e60 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="D:\alte_platte_D_2014\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
sh=3803074FE242DCDB843A75F6A057AC1650AA5623 ft=1 fh=b98be267fa595ad1 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\alte_platte_D_2014\Program Files (x86)\ConduitEngine\ConduitEngin.dll"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="D:\alte_platte_D_2014\Program Files (x86)\ConduitEngine\ConduitEngineHelper.exe"
sh=37E166E756A9AB25AF72B1B3281B9BC189818A47 ft=1 fh=a195dc62459b977b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="D:\alte_platte_D_2014\Program Files (x86)\ConduitEngine\ldrConduitEngin.dll"
sh=EA244E84E1468A6AF4741F2184E113A16F833D8B ft=1 fh=a9c73d0d07b22a58 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="D:\bitte_nicht_löschen\ccsetup402.exe"

Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Adobe Flash Player 15.0.0.152
Adobe Reader XI
Mozilla Firefox (32.0.3)
Google Chrome 37.0.2062.120
Google Chrome 37.0.2062.124
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Arne (administrator) on ARNE-PC on 10-10-2014 13:25:34
Running from C:\Users\Arne\Desktop
Loaded Profiles: Arne & UpdatusUser (Available profiles: Arne & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-06] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-856369245-1405169768-1277596959-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2A55E714350ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\df3df6ur.default-1412603674226
FF NewTab: hxxp://www.google.com
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-06]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR RestoreOnStartup: Default -> "hxxp://www.google.com"
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchKeyword: Default -> Google
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-04]
CHR Extension: (Google Drive) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-16]
CHR Extension: (YouTube) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-04]
CHR Extension: (Google-Suche) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-04]
CHR Extension: (avast! Online Security) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-05]
CHR Extension: (Skype Click to Call) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-16]
CHR Extension: (Google Wallet) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-04]
CHR Extension: (Google Mail) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2014-09-30] (Elex do Brasil Participações Ltda)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-06] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-06] ()
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [248488 2014-09-30] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-09-30] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65704 2014-09-30] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [49320 2014-09-22] (Elex do Brasil Participações Ltda)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-10 13:21 - 2014-10-10 13:21 - 00854417 _____ () C:\Users\Arne\Desktop\SecurityCheck.exe
2014-10-10 13:15 - 2014-10-10 13:15 - 00003725 _____ () C:\Users\Arne\Desktop\eset.txt
2014-10-10 11:16 - 2014-10-10 11:17 - 02347384 _____ (ESET) C:\Users\Arne\Desktop\esetsmartinstaller_deu.exe
2014-10-09 16:15 - 2014-10-09 16:15 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\eCyber
2014-10-09 12:11 - 2014-10-09 12:11 - 00027871 _____ () C:\Users\Arne\Desktop\FRST2.txt
2014-10-09 12:08 - 2014-10-09 12:08 - 00000846 _____ () C:\Users\Arne\Desktop\JRT.txt
2014-10-09 12:00 - 2014-10-09 12:00 - 00000000 ____D () C:\Windows\ERUNT
2014-10-09 11:58 - 2014-10-09 11:58 - 01705755 _____ (Thisisu) C:\Users\Arne\Downloads\JRT.exe
2014-10-09 11:56 - 2014-10-09 11:56 - 00016631 _____ () C:\Users\Arne\Desktop\AdwCleaner[S0].txt
2014-10-09 11:52 - 2014-10-09 11:52 - 01375089 _____ () C:\Users\Arne\Downloads\AdwCleaner_3.311.exe
2014-10-09 11:51 - 2014-10-09 11:51 - 00007930 _____ () C:\Users\Arne\Desktop\mbam.txt
2014-10-09 11:44 - 2014-10-09 11:45 - 00000298 _____ () C:\Windows\Tasks\Tempo Runner zoomifyL32.job
2014-10-09 11:44 - 2014-10-09 11:44 - 00002736 _____ () C:\Windows\System32\Tasks\Tempo Runner zoomifyL32
2014-10-09 11:44 - 2014-10-09 11:44 - 00000298 _____ () C:\Windows\Tasks\Tempo Runner zoomifyL64.job
2014-10-09 11:44 - 2014-10-09 11:44 - 00000298 _____ () C:\Windows\Tasks\Tempo Runner zoomifyD32.job
2014-10-09 11:28 - 2014-10-09 11:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-09 11:28 - 2014-10-09 11:28 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-09 11:28 - 2014-10-09 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-09 11:28 - 2014-10-09 11:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-09 11:28 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-09 11:28 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-09 11:28 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-09 11:25 - 2014-10-09 11:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Arne\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-10-08 13:40 - 2014-10-08 13:40 - 00018664 _____ () C:\Users\Arne\Desktop\ComboFix.txt
2014-10-08 13:38 - 2014-10-08 13:38 - 00018664 _____ () C:\ComboFix.txt
2014-10-08 13:22 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-08 13:22 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-08 13:22 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-08 13:22 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-08 13:22 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-08 13:22 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-08 13:22 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-08 13:22 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-08 13:18 - 2014-10-08 13:39 - 00000000 ____D () C:\Qoobox
2014-10-08 13:18 - 2014-10-08 13:34 - 00000000 ____D () C:\Windows\erdnt
2014-10-08 13:13 - 2014-10-08 13:14 - 05582481 ____R (Swearware) C:\Users\Arne\Desktop\ComboFix.exe
2014-10-08 12:27 - 2014-10-08 12:27 - 00002268 _____ () C:\Windows\System32\Tasks\Tempo Runner wzoomifyd
2014-10-08 12:27 - 2014-10-08 12:27 - 00000196 _____ () C:\Windows\Tasks\Tempo Runner wzoomifyd.job
2014-10-07 12:12 - 2014-10-07 12:12 - 00314227 _____ () C:\Users\Arne\Desktop\Gmer.txt
2014-10-07 12:03 - 2014-10-07 12:03 - 00380416 _____ () C:\Users\Arne\Desktop\Gmer-19357.exe
2014-10-07 12:01 - 2014-10-07 12:01 - 00000470 _____ () C:\Users\Arne\Desktop\defogger_disable.log
2014-10-07 11:54 - 2014-10-07 11:56 - 00021543 _____ () C:\Users\Arne\Desktop\Addition.txt
2014-10-07 11:53 - 2014-10-10 13:25 - 00014312 _____ () C:\Users\Arne\Desktop\FRST.txt
2014-10-07 11:53 - 2014-10-10 13:25 - 00000000 ____D () C:\FRST
2014-10-07 11:51 - 2014-10-07 11:52 - 02109952 _____ (Farbar) C:\Users\Arne\Desktop\FRST64.exe
2014-10-07 11:50 - 2014-10-07 11:51 - 01101312 _____ (Farbar) C:\Users\Arne\Desktop\FRST.exe
2014-10-07 11:49 - 2014-10-07 11:49 - 00000470 _____ () C:\Windows\SysWOW64\defogger_disable.log
2014-10-07 11:49 - 2014-10-07 11:49 - 00000000 _____ () C:\Users\Arne\defogger_reenable
2014-10-07 11:46 - 2014-10-07 11:46 - 00050477 _____ () C:\Users\Arne\Desktop\Defogger.exe
2014-10-07 02:03 - 2014-10-07 02:03 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-07 02:03 - 2014-10-07 02:03 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-07 02:03 - 2014-10-07 02:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-07 02:00 - 2014-10-07 02:00 - 00244408 _____ () C:\Users\Arne\Downloads\Firefox Setup Stub 32.0.3 (1).exe
2014-10-06 23:09 - 2014-10-09 11:55 - 00000000 ____D () C:\AdwCleaner
2014-10-06 22:14 - 2014-10-06 22:17 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-10-06 22:14 - 2014-10-06 22:14 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\Abelssoft
2014-10-06 22:14 - 2014-10-06 22:14 - 00000000 ____D () C:\Users\Arne\AppData\Local\Abelssoft
2014-10-06 22:14 - 2014-10-06 22:14 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-10-06 22:12 - 2014-10-06 22:13 - 01589182 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-06 22:04 - 2014-10-06 22:04 - 00001452 _____ () C:\Users\Arne\Desktop\Goodgame Empire.lnk
2014-10-06 22:04 - 2014-10-06 22:04 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\DesktopIconGoodgame
2014-10-06 22:04 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-10-06 22:04 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-10-06 22:03 - 2014-10-06 22:03 - 01101648 _____ () C:\Users\Arne\Downloads\HijackThis - CHIP-Installer.exe
2014-10-06 21:01 - 2014-10-10 11:12 - 00002296 _____ () C:\Windows\setupact.log
2014-10-06 21:01 - 2014-10-06 21:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-06 21:00 - 2014-10-09 11:56 - 00014056 _____ () C:\Windows\PFRO.log
2014-10-06 19:41 - 2014-10-07 01:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2014-10-06 19:41 - 2014-10-06 19:41 - 00001902 _____ () C:\Users\Public\Desktop\YAC.lnk
2014-10-06 19:41 - 2014-10-06 19:41 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\Elex-tech
2014-10-06 19:41 - 2014-10-06 19:41 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2014-10-06 19:41 - 2014-09-22 14:13 - 00049320 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2014-10-06 16:09 - 2014-10-06 16:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-06 16:07 - 2014-10-06 16:09 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Arne\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-06 15:49 - 2014-10-09 11:55 - 00000000 ____D () C:\Windows\system32\log
2014-10-06 15:18 - 2014-10-06 15:18 - 00000000 _____ () C:\autoexec.bat
2014-10-06 15:16 - 2014-10-06 15:16 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-06 15:15 - 2014-10-06 15:58 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-10-06 15:01 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-06 14:43 - 2014-10-06 15:54 - 00000000 ____D () C:\Users\Arne\Desktop\Alte Firefox-Daten
2014-10-06 11:55 - 2014-10-06 11:55 - 00000099 _____ () C:\Windows\Reimage.ini
2014-10-06 11:42 - 2014-10-06 11:42 - 00244408 _____ () C:\Users\Arne\Downloads\Firefox Setup Stub 32.0.3.exe
2014-10-06 00:46 - 2014-10-10 12:11 - 00001332 _____ () C:\Windows\Tasks\KZXMT.job
2014-10-06 00:46 - 2014-10-10 11:12 - 00001334 _____ () C:\Windows\Tasks\NMBDOU.job
2014-10-06 00:46 - 2014-10-06 00:46 - 00004356 _____ () C:\Windows\System32\Tasks\NMBDOU
2014-10-06 00:46 - 2014-10-06 00:46 - 00004354 _____ () C:\Windows\System32\Tasks\KZXMT
2014-10-06 00:40 - 2014-10-06 00:40 - 00256848 _____ () C:\Users\Arne\Downloads\TinyPlayerInstaller.exe
2014-09-27 21:39 - 2014-09-27 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-27 21:39 - 2014-09-27 21:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-24 22:33 - 2014-10-07 02:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-16 11:23 - 2014-09-16 11:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-16 11:23 - 2014-09-16 11:23 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-16 11:23 - 2014-09-16 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-16 11:20 - 2014-09-16 11:20 - 01678440 _____ (Skype Technologies S.A.) C:\Users\Arne\Downloads\SkypeSetup(2).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-10 13:26 - 2014-01-07 20:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-10 13:23 - 2014-01-05 01:14 - 01638151 _____ () C:\Windows\WindowsUpdate.log
2014-10-10 13:14 - 2014-01-06 17:27 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-10 12:49 - 2014-06-05 00:31 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-10 11:28 - 2009-07-14 19:58 - 00696370 _____ () C:\Windows\system32\perfh007.dat
2014-10-10 11:28 - 2009-07-14 19:58 - 00147634 _____ () C:\Windows\system32\perfc007.dat
2014-10-10 11:28 - 2009-07-14 07:13 - 01611160 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-10 11:21 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-10 11:21 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-10 11:12 - 2014-06-05 00:31 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-10 11:12 - 2014-01-05 19:54 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-10 11:12 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-09 11:16 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-08 13:33 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-07 11:49 - 2014-01-05 01:18 - 00000000 ____D () C:\Users\Arne
2014-10-07 01:24 - 2014-01-06 19:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-07 01:24 - 2014-01-06 19:38 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-07 01:24 - 2014-01-06 17:58 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\FreeCommander
2014-10-07 01:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-10-06 22:42 - 2009-07-14 06:45 - 00417872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-06 22:17 - 2014-01-05 18:38 - 00111336 _____ () C:\Users\Arne\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-06 21:00 - 2014-06-05 00:32 - 00000000 ____D () C:\Program Files\Google
2014-10-06 21:00 - 2014-02-04 20:01 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-06 20:57 - 2014-01-05 01:10 - 00000000 ____D () C:\Windows\Panther
2014-10-06 19:45 - 2014-02-04 20:01 - 00000000 ____D () C:\Users\Arne\AppData\Local\Google
2014-10-06 16:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-10-06 15:49 - 2014-06-05 00:33 - 00002233 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-06 14:05 - 2014-01-06 18:42 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-06 11:30 - 2014-01-05 18:28 - 00000000 ____D () C:\Windows\Minidump
2014-09-28 19:50 - 2014-04-14 10:29 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\Skype
2014-09-27 22:10 - 2014-04-14 10:58 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-24 15:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-24 11:26 - 2014-01-07 20:39 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 11:26 - 2014-01-07 20:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 11:26 - 2014-01-07 20:39 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-19 17:20 - 2014-01-06 19:16 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-16 11:23 - 2014-04-14 10:29 - 00000000 ____D () C:\ProgramData\Skype
2014-09-15 09:06 - 2014-01-05 18:56 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-10 10:39 - 2014-08-29 20:06 - 00075570 _____ () C:\Users\Arne\Desktop\l57w45yw.bmp

Some content of TEMP:
====================
C:\Users\Arne\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-27 13:03

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Moin Moin,

soweit ist alles okay. Nur das sich Firefox zwischendurch mal aufhängt und das ich dieses YAC (Yet Another Cleaner) nicht mehr loswerde.

schrauber · 11.10.2014, 11:07

Zitat:

und das ich dieses YAC (Yet Another Cleaner) nicht mehr loswerde

wo siehst du den?

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Users\Arne\AppData\Roaming\KZXMT
C:\Users\Arne\AppData\Roaming\NMBDOU
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Napo33 · 11.10.2014, 12:30

Moin Moin,

dieses YAC ist mit einer Verknüpfung auf dem Desktop aber nicht unter Systemsteuerung zu deinstalieren vorhanden.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014 01
Ran by Arne at 2014-10-11 12:54:30 Run:1
Running from C:\Users\Arne\Desktop
Loaded Profiles: Arne & UpdatusUser (Available profiles: Arne & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Arne\AppData\Roaming\KZXMT
C:\Users\Arne\AppData\Roaming\NMBDOU
Emptytemp:
*****************

C:\Users\Arne\AppData\Roaming\KZXMT => Moved successfully.
C:\Users\Arne\AppData\Roaming\NMBDOU => Moved successfully.
EmptyTemp: => Removed 550.6 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====