Log analysis and evaluation: After Firefox starts, it keeps trying to download a RAR file. Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
21.10.2014, 22:38 #1
After Firefox starts, it keeps trying to download a RAR file.

Hello everyone,

Problem: Every time Firefox starts, it keeps trying to download a RAR file called 045.rar that is hosted on uploaded.net. This file (0.45.rar), 291.76 MB: hxxp://uploaded.net/file/ttg7gxar

Suspected cause: Unfortunately I haven't found anything. I don't have any suspicious add-ons either... I think!!

Since my log files are unfortunately too large to attach or post normally, I have attached them in RAR format. I read that if the logs are too large you should split them up:

Addition.txt, part 1:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-10-2014
Ran by skyerjoe at 2014-10-21 22:29:40
Running from C:\Users\skyerjoe\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
7-Zip 4.65 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0465-000001000000}) (Version: 4.65.00.0 - Igor Pavlov)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (x32 Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}_955) (Version: - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader 9.5.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
Advanced IP Scanner v1.5 (HKLM-x32\...\Advanced IP Scanner v1.5) (Version: - )
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agent Ransack 2010 (64-bit) (HKLM\...\Agent Ransack (64-bit)_is1) (Version: - )
Alax.Info DHCP Server 1.0.6 (HKLM-x32\...\{F778CD06-CB21-4D58-92B7-3A21B6D8F009}) (Version: 1.0.6 - Alax.Info)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.)
Alt.Binz 0.25.0 (HKLM-x32\...\Alt.Binz) (Version: 0.25.0 - Rdl)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.85 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.278 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{5BC83141-83DD-07BE-C940-04B385540F04}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin)
Binbot version 2.0 (HKLM-x32\...\binbot2.0_is1) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J4510DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0113.2257.41150 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0920.2143.37117 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help English (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help French (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help German (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCcamInfoPHP v0.8.6 (DT5) (HKLM-x32\...\{F5E2B845-0C4A-452D-A24D-8E9C1B1858F0}) (Version: 1.0.0 - .)
ccc-core-static (x32 Version: 2010.0920.2143.37117 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0920.2143.37117 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform)
Click to Disc MergeModules x64 (Version: 1.0.14230 - Sony Corporation) Hidden
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.538 - Corel Inc.)
CPUID CPU-Z 1.55 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Crystal Reports XI Release 2 (HKLM-x32\...\{94FB0978-D094-40C7-91D7-834D39220D4A}) (Version: 11.5.0.31327 - Business Objects)
DAEMON Tools Toolbar (HKLM-x32\...\DAEMON Tools Toolbar) (Version: 1.1.3.0244 - DT Soft Ltd) <==== ATTENTION
Defraggler (HKLM\...\Defraggler) (Version: 2.09 - Piriform)
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
EasyBCD 1.7.2 (HKLM-x32\...\EasyBCD) (Version: 1.7.2 - NeoSmart Technologies)
EasyBoot V5.12 (HKLM-x32\...\EasyBoot_is1) (Version: - )
Einstellungen für VAIO-Inhaltsüberwachung (HKLM-x32\...\{06C05B90-2127-4933-8ABA-61833BDE13FA}) (Version: 2.6.0.11050 - Sony Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.0.545 - Evernote Corp.)
Ext2 IFS 1.11a for Windows Vista/2008 (HKLM\...\Ext2Ifs_for_NT6) (Version: - )
Ext2Fsd 0.51 (HKLM\...\Ext2Fsd_is1) (Version: 0.51 - Matt Wu)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
FOCA Free (HKLM-x32\...\{54A9B87F-7966-41B7-96C7-01D7EF462813}) (Version: 2.6.1 - Informatica64)
Foldit (HKLM-x32\...\Foldit) (Version: - )
FRITZ!Box USB-Fernanschluss (HKCU\...\2db37667170956ee) (Version: 2.3.2.0 - AVM Berlin)
Funmoods Web Search (HKCU\...\Funmoods Web Search) (Version: - ) <==== ATTENTION
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
H.M.S Fsim 4.01 (HKLM-x32\...\Fsim 4.01_is1) (Version: 4.01 - H.M.S Software)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
HP Photosmart Prem C410 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{C1164ED0-EF08-4B0B-8084-3BDAEAAEFD8D}) (Version: 14.0 - HP)
ICQ7.2 (HKLM-x32\...\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}) (Version: 7.2 - ICQ)
ImageMagick 6.7.6-5 Q16 (2012-05-01) (HKLM-x32\...\ImageMagick 6.7.6 Q16_is1) (Version: 6.7.6 - ImageMagick Studio LLC)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
inSSIDer 2.0 (HKLM\...\{57019733-78E6-43DE-8E6D-55349F0FDE6F}) (Version: 2.0.7 - MetaGeek)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
IsoBuster 3.3 (HKLM-x32\...\IsoBuster_is1) (Version: 3.3 - Smart Projects)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416031FF}) (Version: 6.0.310 - Oracle)
JDiskReport 1.4.0 (HKLM-x32\...\JDiskReport 1.4.0) (Version: 1.4.0 (2012-01-20 11:38:43) - JGoodies Karsten Lentzsch)
JDownloader (HKLM-x32\...\JDownloader) (Version: 0.89 - AppWork UG (haftungsbeschränkt))
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KeePass Password Safe 2.13 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: - Dominik Reichl)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.8.1 - Magical Jelly Bean)
Media Gallery (HKLM-x32\...\{DD88F979-FA58-41AC-980C-A6E1A82B61D9}) (Version: 1.1.1.11200 - Sony Corporation)
Media Gallery (x32 Version: 1.1.1.11200 - Sony Corporation) Hidden
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Device Emulator (64 Bit) Version 3.0 - DEU (HKLM\...\{7ECA1AEA-2B61-3DE6-8276-6A9A2693F111}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Diagnostics and Recovery Toolset 6.0 (HKLM\...\{1B285B8A-161F-4ACE-86D7-89EF0775EDCB}) (Version: 6.00.0000 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM-x32\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Report Viewer 2012-Laufzeit (HKLM-x32\...\{F2C6E9F1-8F35-42A0-A9CA-E6C94D92A86C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{5973B12E-5FC1-4EF6-B63B-49C1C4AF2AAA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-Bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version: - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A282A232-780C-45E2-A5E5-9B61D74DCC6E}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - DEU (HKLM-x32\...\{987AE03F-234A-3623-BD28-6B31FD1D3AB3}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft VSS Writer für SQL Server 2012 (HKLM\...\{7647B46D-D4E6-43A5-AC9D-0BAA28C63271}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}) (Version: 11.0.2100.60 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.1 - mIRC Co. Ltd.)
mkv2vob (HKLM-x32\...\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}) (Version: 2.4.9 - 3r1c)
MKVtoolnix 4.4.0 (HKLM-x32\...\MKVtoolnix) (Version: 4.4.0 - Moritz Bunkus)
MobileMe Control Panel (HKLM\...\{56F26668-13DA-497A-883F-61434A10CBAB}) (Version: 3.1.5.0 - Apple Inc.)
MozBackup 1.5 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 32.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-GB)) (Version: 32.0.3 - Mozilla)
Mozilla Firefox 33.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-GB)) (Version: 24.6.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MusicStation (HKLM-x32\...\{AB259D46-F851-41B0-9AFA-AED8998AD68A}) (Version: 2.0.0.1067 - Omnifone)
Nero 8 Micro 8.3.6.0 (HKLM-x32\...\Nero8Lite_is1) (Version: 8.3.6.0 - Updatepack.nl)
Nero 9 Lite (HKLM-x32\...\{3484e694-66bc-40b5-88d9-dc7ead01b92f}) (Version: - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.31.100 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NetSHGUI (HKLM-x32\...\{34CF2DC1-9138-4671-9C2F-D318FFC80AC0}) (Version: 1.0.0 - Tim Brigham)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Newsbin Pro (HKLM\...\Newsbin6) (Version: 6.00 - DJI Interprises, LLC)
NewsLeecher v4.0 Final (HKLM-x32\...\NewsLeecher_is1) (Version: - )
nLite 1.4.9.1 (HKLM-x32\...\nLite_is1) (Version: 1.4.9.1 - Dino Nuhagic (nuhi))
NNTPGrab (64bit) (HKLM\...\NNTPGrab (64bit)) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.7 - )
NSClient++ (x64) (HKLM\...\{D9C026DE-16B9-4286-AFB1-3117B88D9769}) (Version: 0.3.8.76 - MySolutions NORDIC)
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenSSL 1.0.1 Light (32-bit) (HKLM-x32\...\OpenSSL Light (32-bit)_is1) (Version: - OpenSSL Win32 Installer Team)
OpenVPN Tap Adapter 9.0 (HKLM-x32\...\OpenVPN Tap Adapter) (Version: - )
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Oracle VM VirtualBox 4.3.10 (HKLM\...\{5632714F-6A48-4BF2-89E0-F8B6CE9FE6D1}) (Version: 4.3.10 - Oracle Corporation)
OverPlay VPN (HKCU\...\4f1f873ae9d5c649) (Version: 1.0.0.50 - OverPlay)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Paragon Partition Manager™ 10.0 Professional (HKLM\...\{A35001F0-F1E4-11DD-A38B-005056C00008}) (Version: 90.00.0003 - Paragon Software)
pCon.planner 6.3 (HKLM-x32\...\pCon.planner 6.3) (Version: 6.3.0.101 - EasternGraphics)
pCon.planner 6.3 (x32 Version: 6.3.0.101 - EasternGraphics) Hidden
PE Builder 3.1.10a (HKLM-x32\...\PE Builder_is1) (Version: - Bart Lagerweij)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.2 - )
PKR (HKLM-x32\...\PKR) (Version: - PKR Ltd)
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.0.00.10260 - Sony Corporation)
PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}) (Version: 1.2.00.15250 - Sony Corporation)
PMB VAIO Edition Guide (x32 Version: 1.2.00.15250 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 3.2.00.16060 - Sony Corporation)
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.2.00.16060 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Image Optimizer) (HKLM-x32\...\InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}) (Version: 1.2.00.15250 - Sony Corporation)
PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.2.00.15250 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (HKLM-x32\...\InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 2.2.00.15250 - Sony Corporation)
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.2.00.15250 - Sony Corporation) Hidden
Polipo 1.0.4.1 (HKLM-x32\...\Polipo) (Version: - )
PS_AIO_07_C410_SW_Min (x32 Version: 140.0.273.000 - Hewlett-Packard) Hidden
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.50.0 - PS3 Media Server)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Remote Play mit PlayStation®3 (HKLM-x32\...\{07441A52-E208-478A-92B7-5C337CA8C131}) (Version: 1.0.2.06212 - Sony Corporation)
Remote Play with PlayStation 3 (x32 Version: 1.0.0.15090 - Sony Corporation) Hidden
Remote-Tastatur mit PlayStation 3 (HKLM-x32\...\{65B138AE-F636-4D4C-BA5D-A06E21E47C53}) (Version: 1.0.2.06170 - Sony Corporation)
Roadkil's Raw Copy Version 1.2 (HKLM-x32\...\{FE95BD73-9BCF-4859-BC47-16617911FE3B}_is1) (Version: - Roadkil.Net)
Rohos Mini Drive 1.8 (HKLM-x32\...\Rohos_Rohos22_is1) (Version: - Tesline-Service srl)
Roomeon 3D-Planer (HKLM-x32\...\{51BA4778-915C-4B75-92AC-06060B76FE16}) (Version: 1.0.0 - MyDomicile.com GmbH)
Rosetta Stone Ltd Services (HKLM-x32\...\{7BB2EF8A-5376-4BAE-96D0-38BE49501F40}) (Version: 3.2.17 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\com.rosettastone.rosettastonetotale) (Version: 4.1.15.1 - Rosetta Stone, Ltd)
Rosetta Stone TOTALe (x32 Version: 4.1.1 - Rosetta Stone, Ltd) Hidden
Rosetta Stone TOTALe (x32 Version: 4.1.15.1 - Rosetta Stone, Ltd) Hidden
Roxio Central Audio (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Copy (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Core (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Data (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Tools (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Easy Media Creator 10 LJ (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio Easy Media Creator Home (x32 Version: 10.3.183 - Roxio) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.1500.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Scansoft PDF Professional (x32 Version: - ) Hidden
SecCommerce SecSigner 3.6 (HKLM\...\SecCommerce SecSigner) (Version: 3.6 - SecCommerce Informationssysteme GmbH)
Secunia PSI (2.0.0.4003) (HKLM-x32\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)
Sentinel System Driver (HKLM-x32\...\Rainbow Sentinel Driver) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
SetEditHBP (remove only) (HKLM-x32\...\SetEditHBP) (Version: - )
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.1.0.11200 - Sony Corporation)
Setup_msm_VCMS_x64 (Version: 2.6.0.06040 - Sony Corporation) Hidden
Setup_msm_VOFS_x64 (Version: 2.3.0.09270 - Sony Corporation) Hidden
Setup_VEP_x64_Contain_SSDB (Version: 3.9.0.09270 - Sony Corporation) Hidden
Simple PAK Maker (HKLM-x32\...\{C4D6A4E8-D564-4634-B16D-D40112FB7A51}) (Version: 2.0.0.0 - )
simple-fax.de Version 1 (HKLM-x32\...\{7343767F-D225-4EB2-87B8-173451445F45}_is1) (Version: 1 - simple-fax.de)
SIW version 2010.04.28 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2010.04.28 - Topala Software Solutions)
Snapshot (remove only) (HKLM-x32\...\Snapshot) (Version: - )
SOHLib Merge Module (x32 Version: 2.2.0.11240 - Sony Corporation) Hidden
Sony Home Network Library (HKLM-x32\...\{A6B90666-2A1F-49E8-A40E-27EAAD11C096}) (Version: 2.2.0.11240 - Sony Corporation)
Sony Home Network Library (x32 Version: 2.0.1.10160 - Sony Corporation) Hidden
SopCast 3.3.2 (HKLM-x32\...\SopCast) (Version: 3.3.2 - www.sopcast.com)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SpotLite (HKCU\...\SpotLite) (Version: 00.01.00.04 - Quartermaster (Bond))
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server-Browser für SQL Server 2012 (HKLM-x32\...\{1A4C9497-7D4B-466D-8D3A-FE0D925386DC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sweet Home 3D version 3.2 (HKLM-x32\...\Sweet Home 3D_is1) (Version: - eTeks)
System Requirements Lab for Intel (HKLM-x32\...\{ADD72094-D289-4714-A62E-70574478A2BC}) (Version: 4.3.1.0 - Husdawg, LLC)
TeamViewer 6 (HKLM-x32\...\TeamViewer 6) (Version: 6.0.10418 - TeamViewer GmbH)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
Tiny DHCP Server (HKLM-x32\...\Tiny DHCP Server) (Version: - )
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Tor 0.2.2.30-rc (HKLM-x32\...\Tor) (Version: - )
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TSDoctor (HKLM-x32\...\{1A8BB532-FE89-4AAF-BA8F-AABA6A51CD5F}) (Version: 1.0.83 - Cypheros)
UBCD4Win 3.60 (HKLM-x32\...\UBCD4Win_is1) (Version: - UBCD4Win Team - Benjamin Burrows)
UltraISO Premium V9.36 (HKLM-x32\...\UltraISO_is1) (Version: - )
UltraVNC 1.0.9.1 (HKLM-x32\...\Ultravnc2_is1) (Version: 1.0.9.1 - 1.0.9.1)
Unterstützungsdateien für Microsoft SQL Server 2008-Setup (HKLM\...\{6AF73222-EE90-434C-AE7E-B96F70A68D89}) (Version: 10.1.2731.0 - Microsoft Corporation)
Update for Zip Opener (HKCU\...\Digital Sites) (Version: - Update for Zip Opener) <==== ATTENTION
Usenet.nl (HKLM-x32\...\Usenet.nl_is1) (Version: - )
UsenetFaker v1.0.0.0 (HKLM-x32\...\UsenetFaker_is1) (Version: - )
VAIO Care (HKLM\...\{FDCC09EA-A33E-4639-B1CD-FC1702815FA7}) (Version: 8.4.0.14281 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (HKLM\...\{A1255354-11F3-4D25-95CC-C9B1C2320761}) (Version: 3.9.0.11260 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (x32 Version: 3.6.0.09250 - Sony Corporation) Hidden
VAIO Content Metadata Intelligent Network Service Manager (HKLM\...\{725D5BA4-E9FA-452B-8CF5-D7E5F8055C71}) (Version: 3.9.0.11180 - Sony Corporation)
VAIO Content Metadata Manager Settings (HKLM\...\{8FE3CF66-4484-4D39-B47D-DEBBA173619D}) (Version: 3.9.0.11180 - Sony Corporation)
VAIO Content Metadata XML Interface Library (HKLM\...\{97C58294-36D8-4594-8A49-7AB4AE096504}) (Version: 3.9.0.11180 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.2.0.09150 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.2.0.09150 - Sony Corporation) Hidden
VAIO DVD Menu Data (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 2.1.00.15050 - Sony Corporation)
VAIO Energie Verwaltung (HKLM-x32\...\{803E4FA5-A940-4420-B89D-A8BC2E160247}) (Version: 5.0.0.11300 - Sony Corporation)
VAIO Entertainment Platform (HKLM-x32\...\{0489D044-6386-4BDF-9F98-577D60CF79DD}) (Version: 3.9.0.11160 - Sony Corporation)
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.1.0.12010 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.2.1.09131 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 1.0.0.10290 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 3.9.1 - Sony Corporation) Hidden
VAIO Marketing Tools (HKLM-x32\...\MarketingTools) (Version: - Sony Corporation)
VAIO Media plus (HKLM-x32\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 2.0.1.10160 - Sony Corporation)
VAIO Media plus Opening Movie (HKLM-x32\...\{9238E8A4-BEBA-43A3-B926-769BDBF194C5}) (Version: 1.2.0.09100 - Sony Corporation)
VAIO Movie Story MergeModules x64 (Version: 1.0.14240 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM-x32\...\InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 2.2.00.15250 - Sony Corporation)
VAIO Movie Story Template Data (x32 Version: 2.0.00.09240 - Sony Corporation) Hidden
VAIO Original Funktion Einstellungen (HKLM-x32\...\{04EAE65A-CDCF-480F-B754-5C3A9364239C}) (Version: 2.3.0.11240 - Sony Corporation)
VAIO Personalization Manager (HKLM\...\{DBB823F3-E8BD-4578-9D16-42AF176FD777}) (Version: 3.0.0.11160 - Sony Corporation)
VAIO Premium Partners (HKLM-x32\...\VAIO Premium Partners) (Version: 1.0 - Sony Europe)
VAIO Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.3.1.7 - Sony Corporation)
VAIO Quick Web Access (x32 Version: 1.3.1.7 - Sony Corporation) Hidden
VAIO screensaver (HKLM-x32\...\VAIO screensaver) (Version: 1.0.0.0 - Sony Europe)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.3.1.08110 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VAIO Wallpaper Contents (HKLM-x32\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 2.0.0.06010 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.1.2.06030 - Sony Corporation)
Vidalia 0.2.12 (HKLM-x32\...\Vidalia) (Version: - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Vistumbler (HKLM-x32\...\Vistumbler) (Version: v10 - Vistumbler.net)
Visual Studio 2010 Prerequisites - English (HKLM\...\{53952792-BF16-300E-ADF2-E7E4367E00CF}) (Version: 10.0.40219 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
vShare.tv plugin 1.3 (HKLM-x32\...\vShare.tv plugin) (Version: 1.3 - vShare.tv, Inc.) <==== ATTENTION
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
windata basic (HKLM-x32\...\{B20643D6-70C3-447E-8C19-5AADD3904C81}) (Version: 08.00.0000 - windata GmbH & Co.KG)
windata@home (HKLM-x32\...\{A0703E79-9B57-4BE1-BEF1-E43402CBBFF0}) (Version: 08.08.0000 - windata GmbH & Co.KG)
Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) (HKLM\...\930E4792BDAEAFB62A9514EE7578775658A5D07C) (Version: 09/09/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
WinSCP 5.1.8 (HKLM-x32\...\winscp3_is1) (Version: 5.1.8 - Martin Prikryl)
XMedia Recode 3.0.6.7 (HKLM-x32\...\XMedia Recode) (Version: 3.0.6.7 - Sebastian Dörfler)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry.
Any eventual file will not be moved.) ==================== Restore Points ========================= 08-10-2014 18:02:40 Windows Update 15-10-2014 19:17:37 Geplanter Prüfpunkt 16-10-2014 16:49:27 Windows Update 16-10-2014 22:07:39 Windows Update 18-10-2014 11:55:59 Konfiguriert Brother Software Suite 21-10-2014 11:33:39 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2014-10-21 22:02 - 00000847 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {11AB48CB-E787-4F59-8219-53BDCA876862} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation) Task: {17C8CFD2-4029-460E-A6CD-53CBB25A00C2} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation) Task: {1A711198-0BA9-4ED0-8B61-B44DDFEDEACF} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation) Task: {3404E6B7-BCCB-469A-8E3D-B0563632A16C} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation) Task: {364C52BB-493C-45BE-BA18-19F3CB63CAE9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {44B093F9-D6AA-4661-B9BA-EA1333300C86} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMJMIMIMMMJMKJLJPMCNLMLJOJJMCNLMGMHMPMCNGMLMPMOMCNKJLJMJOMLJIMOMLJJMHMPMPMJNJICMIMCNNMCNGMFMHMCNPMCNIMJMPMPMFMJMCNOMCNIMJMPMPMCNNMJNPICMLMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMMIEJGIKJNIFJAJKJJNKJCMJNNICMJNDJCMLJKJ"
Task: {52D6BE54-933A-4B27-9EC8-22D5ACFCB7E6} - System32\Tasks\Open URL by Roboform => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMJMIMIMMMJMKJLJPMCNLMLJOJJMCNLMGMHMPMCNGMLMPMOMCNKJLJMJOMLJIMOMLJJMHMPMPMJNJICMIMCNMMCNNMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMPMCNNMJNPICMPMFMFMGMIMJNHICMMJBJKJLIMJJNBJCMMIEJGIKJNIFJAJKJJNKJCMJNNICMJNDJCMLJKJ"
Task: {5672D7A3-E325-433B-A74A-DC130FDF5B88} - System32\Tasks\Quark Updater => C:\Program Files (x86)\Quark\Quark Update\AutoUpdate.exe
Task: {578AFFD4-EB45-476C-A5D8-87C1C02D0D98} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {58E45C7E-0640-404E-B5E2-7B4D045EC33F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-15] (AVAST Software)
Task: {6615E562-AC45-490E-97AD-5D892EA5E872} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {793AAAA3-44D3-48B9-8570-AF9CE4C2CD0B} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Code:
Task: {7CCABE14-77D5-4FCB-8E04-3482A19803BE} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {7F3738BD-8BB9-4891-9EB5-F56D640B36ED} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {88ED3377-4CB1-469A-84DA-258A833262FB} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {8E6413D9-8DB2-4031-916E-3B7D3D2BD242} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-10-25] (Sony Corporation)
Task: {8FC70F01-B45F-421F-A148-71BDCA8F2C12} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {94BF4AB2-F919-4F2E-9995-AF0E5FA034D2} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {98091604-3DE7-4B23-A0A6-E774DC0263BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-06] (Google Inc.)
Task: {A88268DE-C610-46E0-82A6-FD9CED737898} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {A90FEA3A-DB4F-4817-90F6-D1B6C6D39ED9} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {B151739C-0FAA-4B1A-A63C-D717084230B4} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {BC311B7E-F30F-4701-BEAD-19EE5A22FD63} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation)
Task: {C46351A3-4D02-4BFB-9459-D0EAF1D48E05} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-06] (Google Inc.)
Task: {C4A85847-DFD3-42F1-A3C6-C0FA276B3F54} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {C81DAFF3-CED8-4252-8AEF-A3A96E685773} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-02-27] (Sony Corporation)
Task: {DB33CD9B-24D2-42A1-A3B9-6BA9F66C33A0} - System32\Tasks\SONY\Remote Keyboard with PlayStation 3\Remote Keyboard with PlayStation 3 => C:\Program Files\Sony\Remote Keyboard with PlayStation 3\VBTKBUtil.exe [2010-06-17] (Sony Corporation)
Task: {DF3160C5-1645-408B-B0EE-FE4E4E292839} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {E39F1155-3D4E-4E65-B869-2B0B8C80C413} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {ECA53539-0A26-413A-8DF7-9A784D9D4FFC} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {F107CD63-AFBD-4D25-83B2-96D289235F68} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-10-25] (Sony Corporation)
Task: {FA2A8DEF-658C-4962-BB82-280ABB3E4E88} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {FC2B3564-8D8B-452B-B987-499D15E69A55} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Quark Updater.job => C:\Program Files (x86)\Quark\Quark Update\AutoUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-06 17:34 - 2013-02-09 14:17 - 00113152 _____ () C:\Windows\System32\redmon64.dll
2014-06-21 15:26 - 2005-04-22 06:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-06-08 23:51 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2014-01-28 22:45 - 2012-01-20 15:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2009-11-25 01:36 - 2009-11-25 01:36 - 00125440 _____ () C:\Program Files (x86)\Notepad++\NppShell_01.dll
2010-08-24 15:39 - 2010-08-24 15:39 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-01-26 21:04 - 2011-01-26 21:04 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-10-21 20:07 - 2014-10-21 20:07 - 00050477 _____ () C:\Users\skyerjoe\Downloads\Defogger(1).exe
2014-07-15 18:42 - 2014-07-15 18:42 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-21 13:26 - 2014-10-21 13:26 - 02896384 _____ () C:\Program Files\AVAST Software\Avast\defs\14102100\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-02 15:10 - 2009-12-01 22:03 - 00010752 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2010-06-02 15:10 - 2009-12-01 22:03 - 00009728 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2010-01-29 23:55 - 2009-11-21 01:19 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-07-15 18:42 - 2014-07-15 18:42 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-21 15:10 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2012-01-03 10:45 - 2012-01-03 10:45 - 00016832 _____ () C:\Program Files (x86)\Adobe\Reader 9.0\Reader\viewerps.dll
2014-09-24 20:56 - 2014-09-24 20:56 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\skyerjoe\Downloads\email_87_20140717181446.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ACDaemon => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: Partner Service => 3
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\startupfolder: C:^Users^skyerjoe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.3301725356812716.exe.lnk => C:\Windows\pss\0.3301725356812716.exe.lnk.Startup
MSCONFIG\startupfolder: C:^Users^skyerjoe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Hardcopy.LNK => C:\Windows\pss\Hardcopy.LNK.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MarketingTools => C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: Tiny DHCP Server => "C:\Program Files (x86)\Tiny DHCP Server\dhcpsrv.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1609788897-153937731-1751884820-500 - Administrator - Disabled)
Gast (S-1-5-21-1609788897-153937731-1751884820-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1609788897-153937731-1751884820-1002 - Limited - Enabled)
sky (S-1-5-21-1609788897-153937731-1751884820-1003 - Limited - Enabled) => C:\Users\sky
skyerjoe (S-1-5-21-1609788897-153937731-1751884820-1000 - Administrator - Enabled) => C:\Users\skyerjoe

==================== Faulty Device Manager Devices =============

Name: J:\
Description: Cruzer Fit
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: SanDisk
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: USB 2.0 Camera
Description: USB-Videogerät
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart Prem C410 series
Description: Photosmart Prem C410 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter V9
Description: TAP-Win32 Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: G:\
Description: R5C822
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Microsoft
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller
Description: Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonw7
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart Prem C410 series
Description: Photosmart Prem C410 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/21/2014 10:03:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/21/2014 10:03:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/21/2014 09:36:06 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax.

Error: (10/21/2014 09:36:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/21/2014 09:29:37 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax.
Error: (10/21/2014 09:29:37 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax.

Error: (10/21/2014 08:30:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357(1).exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357(1).exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x1380
Startzeit der fehlerhaften Anwendung: 0xGmer-19357(1).exe0
Pfad der fehlerhaften Anwendung: Gmer-19357(1).exe1
Pfad des fehlerhaften Moduls: Gmer-19357(1).exe2
Berichtskennung: Gmer-19357(1).exe3

Error: (10/21/2014 08:29:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357(1).exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357(1).exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x15c4
Startzeit der fehlerhaften Anwendung: 0xGmer-19357(1).exe0
Pfad der fehlerhaften Anwendung: Gmer-19357(1).exe1
Pfad des fehlerhaften Moduls: Gmer-19357(1).exe2
Berichtskennung: Gmer-19357(1).exe3

Error: (10/21/2014 05:31:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: crw32.exe, Version: 11.5.0.313, Zeitstempel: 0x4379f2e5
Name des fehlerhaften Moduls: crw32.exe, Version: 11.5.0.313, Zeitstempel: 0x4379f2e5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0050cb55
ID des fehlerhaften Prozesses: 0x1e18
Startzeit der fehlerhaften Anwendung: 0xcrw32.exe0
Pfad der fehlerhaften Anwendung: crw32.exe1
Pfad des fehlerhaften Moduls: crw32.exe2
Berichtskennung: crw32.exe3

Error: (10/21/2014 05:26:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: crw32.exe, Version: 11.5.0.313, Zeitstempel: 0x4379f2e5
Name des fehlerhaften Moduls: crw32.exe, Version: 11.5.0.313, Zeitstempel: 0x4379f2e5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0050cb55
ID des fehlerhaften Prozesses: 0x8d4
Startzeit der fehlerhaften Anwendung: 0xcrw32.exe0
Pfad der fehlerhaften Anwendung: crw32.exe1
Pfad des fehlerhaften Moduls: crw32.exe2
Berichtskennung: crw32.exe3


System errors:
=============
Error: (10/21/2014 08:22:10 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "HP Network Devices Support" wurde nicht richtig gestartet.

Error: (10/21/2014 08:20:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Energy Server Service" wurde mit folgendem Fehler beendet:
%%268439612

Error: (10/21/2014 08:19:26 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (10/21/2014 08:17:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht.

Error: (10/21/2014 08:17:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Printer Control" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (10/21/2014 08:16:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Sentinel" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error: (10/21/2014 08:16:50 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\SENTINEL.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (10/21/2014 08:16:49 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{39485f75-6e44-11df-a4b5-806e6f6e6963}" können nicht gelesen werden.

Error: (10/21/2014 08:16:49 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{59159bb5-7d3f-11df-9ec3-54424907d5f0}" können nicht gelesen werden.

Error: (10/21/2014 08:15:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:
%%-2147467243


Microsoft Office Sessions:
=========================
Error: (10/21/2014 10:03:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

Error: (10/21/2014 10:03:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

Error: (10/21/2014 09:36:06 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\skyerjoe\Downloads\VirtualBox-4.3.10-93012-Win.exeC:\Users\skyerjoe\Downloads\VirtualBox-4.3.10-93012-Win.exe0

Error: (10/21/2014 09:36:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\skyerjoe\Downloads\esetsmartinstaller_enu.exe

Error: (10/21/2014 09:29:37 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\skyerjoe\Downloads\VirtualBox-4.3.10-93012-Win.exeC:\Users\skyerjoe\Downloads\VirtualBox-4.3.10-93012-Win.exe0

Error: (10/21/2014 09:29:37 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\skyerjoe\Downloads\VirtualBox-4.3.10-93012-Win.exeC:\Users\skyerjoe\Downloads\VirtualBox-4.3.10-93012-Win.exe0

Error: (10/21/2014 08:30:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357(1).exe2.1.19357.052e7ea83Gmer-19357(1).exe2.1.19357.052e7ea83c0000005000011aa138001cfed5d0ff69294C:\Users\skyerjoe\Downloads\Gmer-19357(1).exeC:\Users\skyerjoe\Downloads\Gmer-19357(1).exe51ec77d3-5950-11e4-b28a-8db816ae7ea4

Error: (10/21/2014 08:29:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357(1).exe2.1.19357.052e7ea83Gmer-19357(1).exe2.1.19357.052e7ea83c0000005000011aa15c401cfed5cddfa12e1C:\Users\skyerjoe\Downloads\Gmer-19357(1).exeC:\Users\skyerjoe\Downloads\Gmer-19357(1).exe209babbf-5950-11e4-b28a-8db816ae7ea4

Error: (10/21/2014 05:31:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: crw32.exe11.5.0.3134379f2e5crw32.exe11.5.0.3134379f2e5c00000050050cb551e1801cfed43678ad9f3C:\Program Files (x86)\Business Objects\Crystal Reports 11.5\crw32.exeC:\Program Files (x86)\Business Objects\Crystal Reports 11.5\crw32.exe45256ed9-5937-11e4-aab9-fa75b628d9d5

Error: (10/21/2014 05:26:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: crw32.exe11.5.0.3134379f2e5crw32.exe11.5.0.3134379f2e5c00000050050cb558d401cfed42febbc9b4C:\Program Files (x86)\Business Objects\Crystal Reports 11.5\crw32.exeC:\Program Files (x86)\Business Objects\Crystal Reports 11.5\crw32.exe9aae012d-5936-11e4-aab9-fa75b628d9d5


CodeIntegrity Errors:
===================================
Date: 2011-03-11 21:57:10.758
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2011-03-11 21:57:10.748
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2011-03-11 21:57:10.738
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2011-03-11 21:57:10.718
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2011-03-11 21:57:10.698
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\gpapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2011-03-11 21:57:10.668
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\gpapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2011-02-07 18:25:04.335
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-02-07 18:25:04.313 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2011-02-07 18:25:04.283 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2011-02-07 18:25:04.217 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz Percentage of memory in use: 63% Total physical RAM: 3950.07 MB Available physical RAM: 1437.57 MB Total Pagefile: 7898.31 MB Available Pagefile: 4339.72 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:396.01 GB) (Free:27.17 GB) NTFS Drive e: () (Fixed) (Total:19.53 GB) (Free:2.54 GB) NTFS Drive h: (Volume) (Fixed) (Total:39.5 GB) (Free:2.02 GB) NTFS Drive i: (crystal_reports) (CDROM) (Total:0.82 GB) (Free:0 GB) UDF Drive j: () (Removable) (Total:14.91 GB) (Free:9.05 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 0A0C67E8) Partition 1: (Not Active) - (Size=10.6 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=396 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=59 GB) - (Type=OF Extended) ======================================================== Disk: 3 (Size: 14.9 GB) (Disk ID: 00000000) Partition: GPT Partition Type. 
==================== End Of Log ============================ FRST: Teil 1: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014
Ran by skyerjoe (administrator) on SKYERJOE-VAIO on 21-10-2014 22:29:04
Running from C:\Users\skyerjoe\Downloads
Loaded Profiles: skyerjoe & MSSQL$SQLEXPRESS (Available profiles: skyerjoe & sky & MSSQL$SQLEXPRESS)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Tesline-Service SRL) C:\Program Files (x86)\Rohos\agent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Sony Corporation) C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
() C:\Users\skyerjoe\Downloads\Defogger(1).exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\skyerjoe\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9636896 2009-12-16] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [208384 2009-11-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [PrintDisp] => C:\Windows\system32\PrintDisp.exe [878080 2009-08-21] (ActMask Co.,Ltd - hxxp://www.all2pdf.com)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-21] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [320880 2009-08-26] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2009-10-24] (Sony Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1655296 2010-09-05] (Dominik Reichl)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-09-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Ext2 Volume Manager] => C:\Program Files\Ext2Fsd\Ext2Mgr.exe [1211536 2011-02-05] (Ext2Fsd Group (www.ext2fsd.com))
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Tiny DHCP Server] => C:\Program Files (x86)\Tiny DHCP Server\dhcpsrv.exe [94208 2011-08-30] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\Run: [Rohos] => C:\Program Files (x86)\Rohos\agent.exe [801080 2011-05-17] (Tesline-Service SRL)
HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\Run: [AVMUSBFernanschluss] => C:\Users\skyerjoe\AppData\Local\Apps\2.0\BTH1ZOGT.8OZ\L89TLL57.57W\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\AVMAutoStart.exe [139264 2014-04-03] (AVM Berlin)
HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784904 2014-10-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\MountPoints2: H - H:\LaunchU3.exe -a
HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\MountPoints2: I - I:\LaunchU3.exe -a
HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\MountPoints2: {3f596299-8920-11e3-a4b9-54424907d5f0} - I:\start.exe
HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\MountPoints2: {4b862c5d-78c9-11df-aadd-54424907d5f0} - H:\pushinst.exe
HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\MountPoints2: {ba47a5a3-bf94-11e1-b4e1-54424907d5f0} - I:\pushinst.exe
AppInit_DLLs: acaptuser64.dll => C:\Windows\system32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
AppInit_DLLs-x32: acaptuser32.dll => "acaptuser32.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\windata Zahlungserinnerung.lnk
ShortcutTarget: windata Zahlungserinnerung.lnk -> C:\windata\Home\windataZahlungserinnerung.exe (windata GmbH & Co.KG)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
SearchScopes: HKLM-x32 - {01027486-F7EC-4174-AABE-67DF604D8901} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=36635f72-2fdb-11e1-a98e-54424907d5f0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {01027486-F7EC-4174-AABE-67DF604D8901} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=36635f72-2fdb-11e1-a98e-54424907d5f0&q={searchTerms}
SearchScopes: HKCU - {01027486-F7EC-4174-AABE-67DF604D8901} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=36635f72-2fdb-11e1-a98e-54424907d5f0&q={searchTerms}
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=7FB701D4-1C89-4EFA-884D-03D6CEB67EE4&apn_sauid=7DF5FFEB-7B8B-40D1-AD17-CA2E5086015A
SearchScopes: HKCU - {2ACC42B3-35D9-443C-A196-98B24C83B63A} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC
SearchScopes: HKCU - {35F08D01-53EE-40D5-9B58-2E54616CA883} URL = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
SearchScopes: HKCU - {529538C8-6480-4BF9-9D9D-847EE0E86B93} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search/web?q={searchTerms}
SearchScopes: HKCU - {D4458402-FDE2-4BEA-B7CC-D06F9B2A768F} URL = hxxp://de.shopping.com/?linkin_id=8056363
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner64.dll (Google Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner.dll (Google Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
DPF: HKLM-x32 {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1111/Navigram.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
Tcpip\..\Interfaces\{5DB63988-98C6-4312-8B36-AA4B2FAA958F}: [NameServer] 192.168.178.1
Tcpip\..\Interfaces\{D61CA8A8-A9C5-4B05-8B5C-1FF6CD0702CA}: [NameServer] 192.168.178.15

FireFox:
========
FF ProfilePath: C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: about:home|hxxp://www.giga.de/
FF Keyword.URL: hxxp://startsear.ch/?aff=1&src=sp&cf=36635f72-2fdb-11e1-a98e-54424907d5f0&q=
FF NetworkProxy: "backup.ftp", "192.168.43.1"
FF NetworkProxy: "backup.ftp_port", 3431
FF NetworkProxy: "backup.socks", "192.168.43.1"
FF NetworkProxy: "backup.socks_port", 3431
FF NetworkProxy: "backup.ssl", "192.168.43.1"
FF NetworkProxy: "backup.ssl_port", 3431
FF NetworkProxy: "ftp", "192.168.43.1"
FF NetworkProxy: "ftp_port", 34731
FF NetworkProxy: "http", "192.168.43.1"
FF NetworkProxy: "http_port", 34731
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "192.168.43.1"
FF NetworkProxy: "socks_port", 34731
FF NetworkProxy: "ssl", "192.168.43.1"
FF NetworkProxy: "ssl_port", 34731
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\searchplugins\gutscheinsuche.xml
FF SearchPlugin: C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\searchplugins\startsear.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: FreeSpeechMe - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\convergence@dot-bit.org [2014-05-16]
FF Extension: FoxyProxy Standard - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\foxyproxy@eric.h.jung [2014-09-05]
FF Extension: SparPilot - Gutscheine & mehr... - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\sparpilot@sparpilot.com [2014-10-02]
FF Extension: Bitdefender QuickScan - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-07-17]
FF Extension: Social Fixer - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\betterfacebook@mattkruse.com.xpi [2011-08-08]
FF Extension: Facebook Chat History Manager - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\fbchathistory@firechm.com.xpi [2011-08-09]
FF Extension: FireNes - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\firenes@facundo.zaldo.xpi [2012-01-03]
FF Extension: Premiumize.me - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\jid1-sirVJT0BXhkuJg@jetpack.xpi [2014-07-15]
FF Extension: Deutsch (DE) Language Pack - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2011-12-28]
FF Extension: Stealthy - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\stealthyextension@gmail.com.xpi [2011-10-30]
FF Extension: Flagfox - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-12]
FF Extension: Encrypted Communication - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{52a7f893-d228-412e-9b28-bc61491462f6}.xpi [2014-02-05]
FF Extension: BugMeNot Plugin - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2011-07-17]
FF Extension: Adblock Plus - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-07-10]
FF Extension: Torbutton - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi [2011-08-18]
FF Extension: User Agent Switcher - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2014-06-20]
FF Extension: WorldIP - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}.xpi [2011-08-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-10]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR Profile: C:\Users\skyerjoe\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (avast! SafePrice) - C:\Users\skyerjoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-09-14]
CHR Extension: (avast! Online Security) - C:\Users\skyerjoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-14]
CHR Extension: (vshare plugin) - C:\Users\skyerjoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj [2014-03-25]
CHR Extension: (Google Wallet) - C:\Users\skyerjoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-14]
CHR HKCU\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Users\skyerjoe\AppData\Local\funmoods.crx []
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-15]
CHR HKLM-x32\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files (x86)\vShare.tv plugin\vshareplg.crx [2011-08-31]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-15] (AVAST Software)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed] R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed] S2 Printer Control; C:\Windows\system32\PrintCtrl.exe [77824 2009-06-16] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [File not signed] R2 Rohos Disk; C:\Program Files (x86)\Rohos\agent.exe [801080 2011-05-17] (Tesline-Service SRL) S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-31] (Sonic Solutions) S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-31] (Sonic Solutions) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia) S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation) R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.) 
R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation) S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [74496 2010-09-27] (Sony Corporation) S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [864000 2010-09-27] (Sony Corporation) R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [845312 2010-08-11] (Sony Corporation) [File not signed] R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-15] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-15] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-15] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-15] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-15] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-15] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-15] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-15] () R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2014-04-03] (AVM Berlin) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin) S3 BazisPortableCDBus; C:\Windows\System32\drivers\BazisPortableCDBus.sys [268896 2014-04-03] (SysProgs.org) R1 Ext2fs; C:\Windows\System32\DRIVERS\ext2fs.sys [270272 2008-09-25] (Stephan Schreiber) R1 Ext2Fsd; C:\Windows\System32\Drivers\Ext2Fsd.sys [769816 2011-07-09] (www.ext2fsd.com) S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH) S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-04-08] () R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2009-12-03] (Paragon Software Group) R1 IfsMount; C:\Windows\System32\DRIVERS\ifsmount.sys [80320 2008-08-28] (Stephan Schreiber) S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [7778176 2009-12-16] (Intel Corporation) [File not signed] S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [244736 2009-12-16] (Intel(R) Corporation) [File not signed] R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-04-09] (Malwarebytes Corporation) R2 regi; C:\Windows\SysWOW64\drivers\regi.sys [11032 2007-04-17] (InterVideo) R2 RHDISK_AMD64; C:\Program Files (x86)\Rohos\RHDISK_AMD64.SYS [31408 2009-07-24] (Tesline-Service SRL) S4 
RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC) S3 Sntnlusb; C:\Windows\SysWOW64\DRIVERS\SNTNLUSB.SYS [26120 2002-12-16] (Rainbow Technologies Inc.) R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-06-10] (Duplex Secure Ltd.) S3 TVICHW64; C:\Windows\system32\DRIVERS\TVICHW64.SYS [21200 2010-08-30] (EnTech Taiwan) S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113952 2014-02-25] (Oracle Corporation) S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] () S2 Sentinel; \SystemRoot\System32\Drivers\SENTINEL.SYS [X] U3 pgtyrpod; \??\C:\Users\skyerjoe\AppData\Local\Temp\pgtyrpod.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-21 21:40 - 2014-10-21 22:10 - 00125204 _____ () C:\Users\skyerjoe\Downloads\Shortcut.txt 2014-10-21 20:58 - 2014-10-21 20:58 - 00528517 _____ () C:\Users\skyerjoe\Desktop\gmer.log 2014-10-21 20:32 - 2014-10-21 20:32 - 00060979 _____ () C:\Users\skyerjoe\Downloads\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.htm 2014-10-21 20:32 - 2014-10-21 20:32 - 00000000 ____D () C:\Users\skyerjoe\Downloads\Für alle Hilfesuchenden! 
Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board_files 2014-10-21 20:28 - 2014-10-21 20:28 - 00380416 _____ () C:\Users\skyerjoe\Downloads\Gmer-19357(1).exe 2014-10-21 20:23 - 2014-10-21 20:24 - 02110976 _____ (Farbar) C:\Users\skyerjoe\Downloads\FRST64(1).exe 2014-10-21 20:14 - 2014-10-21 20:14 - 00000020 _____ () C:\Users\skyerjoe\defogger_reenable 2014-10-21 20:08 - 2014-10-21 20:08 - 00000292 _____ () C:\Users\skyerjoe\Downloads\defogger_enable.log 2014-10-21 20:07 - 2014-10-21 20:07 - 00050477 _____ () C:\Users\skyerjoe\Downloads\Defogger(1).exe 2014-10-21 14:09 - 2014-10-21 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie 2014-10-19 17:52 - 2014-10-19 17:52 - 00005118 _____ () C:\Users\skyerjoe\Downloads\eset-kompl.txt 2014-10-18 16:13 - 2014-10-18 16:13 - 00924173 _____ () C:\Users\skyerjoe\Downloads\BrMain480(1).exe 2014-10-18 14:03 - 2014-10-18 14:03 - 00000725 _____ () C:\Users\skyerjoe\Downloads\eset.txt 2014-10-18 13:59 - 2014-10-18 13:59 - 00000000 ____D () C:\Users\skyerjoe\Downloads\nettool 2014-10-18 13:58 - 2014-10-18 13:58 - 00980304 _____ (A.I.SOFT,INC.) 
C:\Users\skyerjoe\Downloads\nettool_1270.EXE 2014-10-18 12:41 - 2014-10-18 12:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox4 2014-10-16 19:20 - 2014-09-29 02:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-16 19:20 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-16 19:20 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-16 19:20 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-16 19:20 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-16 19:20 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-16 19:20 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-16 19:20 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-16 19:19 - 2014-10-07 04:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-16 19:19 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-16 19:19 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-16 19:19 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-16 19:19 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-16 19:19 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-16 19:19 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-16 19:19 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-16 19:19 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 
2014-10-16 19:19 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-16 19:19 - 2014-09-19 03:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-16 19:19 - 2014-09-19 03:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-16 19:19 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-16 19:19 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-16 19:19 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-16 19:19 - 2014-09-19 03:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-16 19:19 - 2014-09-19 03:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-16 19:19 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-16 19:19 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-16 19:19 - 2014-09-19 03:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-16 19:19 - 2014-09-19 03:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-16 19:19 - 2014-09-19 03:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-16 19:19 - 2014-09-19 03:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-16 19:19 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-16 19:19 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-16 19:19 - 2014-09-19 03:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-16 19:19 - 2014-09-19 03:18 - 00940032 _____ (Microsoft Corporation) 
C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-16 19:19 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-16 19:19 - 2014-09-19 03:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-16 19:19 - 2014-09-19 03:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-16 19:19 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-16 19:19 - 2014-09-19 03:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-16 19:19 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-16 19:19 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-16 19:19 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-16 19:19 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-16 19:19 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-16 19:19 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-16 19:19 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-16 19:19 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-16 19:19 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-16 19:19 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-16 19:19 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-16 19:19 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-16 19:19 - 2014-09-19 02:40 - 01249280 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-16 19:19 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-16 19:19 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-16 19:19 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-16 19:19 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-16 19:19 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-16 19:19 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-16 19:19 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-16 19:19 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-16 19:19 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-16 19:19 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-16 19:18 - 2014-09-18 04:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-16 19:18 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-16 19:18 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-16 19:18 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-16 19:17 - 2014-07-17 04:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-16 19:17 - 2014-07-17 04:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-16 19:17 - 2014-07-17 04:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-16 19:17 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) 
C:\Windows\system32\winlogon.exe 2014-10-16 19:17 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-16 19:17 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-16 19:17 - 2014-07-17 04:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-16 19:17 - 2014-07-17 04:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-16 19:17 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-16 19:17 - 2014-07-17 03:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-16 19:17 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-16 19:17 - 2014-07-17 03:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-16 19:17 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-16 19:17 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-16 19:17 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-16 19:17 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-16 19:16 - 2014-09-13 03:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-16 19:16 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-12 15:47 - 2014-10-12 15:47 - 00000000 ____D () C:\Users\sky\Desktop\Old Firefox Data 2014-10-12 15:20 - 2014-10-12 15:20 - 00000000 ____D () C:\Users\sky\AppData\Local\Apple 2014-10-12 15:19 - 2014-10-12 15:19 - 00000000 ____D () C:\Users\sky\AppData\Local\Macromedia 2014-10-10 18:26 - 2014-10-21 22:28 - 00007103 _____ () C:\Users\skyerjoe\Desktop\eset.txt 2014-10-10 18:13 - 2014-10-10 18:13 - 02656264 _____ 
(Sandboxie Holdings, LLC) C:\Users\skyerjoe\Downloads\SandboxieInstall.exe 2014-10-10 18:02 - 2014-10-10 18:02 - 01915297 _____ () C:\Users\skyerjoe\Downloads\Secure Banking v2.0.1.rar 2014-10-09 18:59 - 2014-10-09 18:59 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-10-09 17:57 - 2014-10-09 17:57 - 00000000 ____D () C:\Users\skyerjoe\Downloads\Rootkit_Remover_3022 2014-10-09 17:56 - 2014-10-09 17:57 - 15258612 _____ () C:\Users\skyerjoe\Downloads\Rootkit_Remover_3022.zip 2014-10-08 20:05 - 2014-10-08 20:05 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2010 2014-10-08 20:05 - 2014-10-08 20:05 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2010 2014-10-07 21:57 - 2014-10-21 18:46 - 00000000 ____D () C:\Users\skyerjoe\Downloads\cr_example_db 2014-10-07 21:38 - 2014-10-07 21:38 - 00000000 ____D () C:\Users\skyerjoe\AppData\Local\Microsoft_Corporation 2014-10-07 21:34 - 2014-10-07 23:16 - 00000000 ____D () C:\Users\skyerjoe\Documents\SQL Server Management Studio 2014-10-07 21:34 - 2014-10-07 21:34 - 00000020 ___SH () C:\Users\MSSQL$SQLEXPRESS\ntuser.ini 2014-10-07 21:34 - 2014-10-07 21:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Vorlagen 2014-10-07 21:34 - 2014-10-07 21:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Startmenü 2014-10-07 21:34 - 2014-10-07 21:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Netzwerkumgebung 2014-10-07 21:34 - 2014-10-07 21:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Lokale Einstellungen 2014-10-07 21:34 - 2014-10-07 21:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Eigene Dateien 2014-10-07 21:34 - 2014-10-07 21:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Druckumgebung 2014-10-07 21:34 - 2014-10-07 21:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Documents\Eigene Musik 2014-10-07 21:34 - 2014-10-07 21:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Documents\Eigene Bilder 2014-10-07 21:34 - 2014-10-07 21:34 - 00000000 _SHDL () 
C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-10-07 21:34 - 2014-10-07 21:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\AppData\Local\Verlauf 2014-10-07 21:34 - 2014-10-07 21:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\AppData\Local\Anwendungsdaten 2014-10-07 21:34 - 2014-10-07 21:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Anwendungsdaten 2014-10-07 21:34 - 2014-10-07 21:34 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS 2014-10-07 21:34 - 2014-04-02 23:17 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Macromedia 2014-10-07 21:34 - 2013-12-05 20:46 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS\AppData\Local\Apple 2014-10-07 21:34 - 2010-06-11 16:44 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS\AppData\Local\Microsoft Help 2014-10-07 21:34 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-07 21:34 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-10-07 21:33 - 2012-02-11 10:03 - 00082520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr11.0.2100.60.dll 2014-10-07 21:33 - 2012-02-11 10:02 - 00045656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL11.SQLEXPRESS-sqlagtctr.dll 2014-10-07 21:33 - 2012-02-11 08:46 - 00180312 _____ (Microsoft Corporation) C:\Windows\system32\hadrres.dll 2014-10-07 21:33 - 2012-02-11 08:46 - 00082520 _____ (Microsoft Corporation) C:\Windows\system32\fssres.dll 2014-10-07 21:33 - 2012-02-11 08:44 - 00095832 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr11.0.2100.60.dll 2014-10-07 21:33 - 2012-02-11 08:44 - 00054360 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL11.SQLEXPRESS-sqlagtctr.dll 2014-10-07 21:28 - 2014-10-07 21:28 - 00000000 ____D () C:\Windows\system32\RsFx 2014-10-07 21:26 - 2014-10-07 21:26 - 00000000 ____D 
() C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 2014-10-07 21:25 - 2014-10-07 21:25 - 00000000 ____D () C:\Windows\SysWOW64\1033 2014-10-07 21:25 - 2014-10-07 21:25 - 00000000 ____D () C:\Windows\system32\1033 2014-10-07 21:24 - 2014-10-07 21:24 - 00000000 ____D () C:\Users\skyerjoe\Documents\Visual Studio 2010 2014-10-07 21:21 - 2014-10-07 21:25 - 00000000 ____D () C:\Windows\SysWOW64\1031 2014-10-07 21:20 - 2014-10-07 21:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0 2014-10-07 21:18 - 2014-10-07 21:25 - 00000000 ____D () C:\Windows\system32\1031 2014-10-07 21:18 - 2014-10-07 21:18 - 00000000 ____D () C:\Windows\symbols 2014-10-07 21:18 - 2014-10-07 21:18 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 10.0 2014-10-07 21:18 - 2014-10-07 21:18 - 00000000 ____D () C:\Program Files\Microsoft Help Viewer
Regards, skyerjoe
Edited by fireskyer (21.10.2014 at 23:23) |
21.10.2014, 23:40 | #2 |
| After Firefox starts, it keeps trying to download a RAR file. FRST part 2:
Part 2: Code:
ATTFilter 2014-10-07 21:18 - 2014-10-07 21:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs 2014-10-07 21:12 - 2014-10-07 21:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server 2014-10-07 21:12 - 2014-10-07 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012 2014-10-07 21:05 - 2014-10-07 21:07 - 18411567 _____ () C:\Users\skyerjoe\Downloads\cr_xi_xtreme_rep_smpl_en.zip 2014-10-07 20:57 - 2014-10-07 21:38 - 00000000 ____D () C:\Program Files\Microsoft SQL Server 2014-10-07 20:40 - 2014-10-07 20:51 - 742686296 _____ (Microsoft Corporation) C:\Users\skyerjoe\Downloads\SQLEXPRWT_x64_DEU.exe 2014-10-02 17:53 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-02 17:53 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-10-02 17:50 - 2014-10-04 15:18 - 00001101 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk 2014-09-24 20:56 - 2014-09-24 20:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-24 20:53 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-24 20:53 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-21 22:29 - 2014-04-09 23:30 - 00034959 _____ () C:\Users\skyerjoe\Downloads\FRST.txt 2014-10-21 22:29 - 2014-04-09 23:30 - 00000000 ____D () C:\FRST 2014-10-21 22:12 - 2014-02-06 00:21 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-21 22:12 - 2014-02-06 00:21 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-21 22:10 - 2014-04-09 23:32 - 00068000 _____ () C:\Users\skyerjoe\Downloads\Addition.txt 2014-10-21 21:37 - 2013-12-21 02:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-21 20:34 - 2014-04-09 23:25 - 00000530 _____ () C:\Users\skyerjoe\Downloads\defogger_disable.log 2014-10-21 20:33 - 2010-12-31 17:44 - 00002120 _____ () C:\Windows\Sandboxie.ini 2014-10-21 20:29 - 2009-07-14 06:45 - 00022752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-21 20:29 - 2009-07-14 06:45 - 00022752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-21 20:25 - 2010-06-02 14:47 - 01582306 _____ () C:\Windows\WindowsUpdate.log 2014-10-21 20:16 - 2012-03-15 16:14 - 00054732 _____ () C:\Windows\setupact.log 2014-10-21 20:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-21 20:14 - 2010-06-02 15:48 - 00000000 ____D () C:\Users\skyerjoe 2014-10-21 18:19 - 2010-06-02 15:55 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B07B1A65-7663-4533-B9F1-3274CBE7C8AF} 2014-10-21 13:25 - 2014-01-10 12:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-10-19 23:15 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-19 09:15 - 2014-02-06 00:21 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-18 17:56 - 2010-06-21 17:42 - 00000000 ____D () C:\Users\skyerjoe\USB-Stick 2014-10-18 17:54 - 2011-05-08 14:50 - 00000000 ____D () C:\Program Files\UlisesSoft 2014-10-18 14:06 - 2012-04-27 16:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-18 13:58 - 2014-06-20 01:17 - 00000000 ____D () C:\ProgramData\InstallShield 2014-10-18 13:55 - 2014-06-21 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother 2014-10-17 18:03 - 2014-01-11 19:18 - 00000000 ____D () C:\Windows\rescache 2014-10-17 15:03 - 2009-07-14 06:45 - 00453736 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-17 00:55 - 2010-06-02 14:59 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-17 00:49 - 2013-11-15 17:33 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-17 00:09 - 2010-06-15 00:00 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-15 19:16 - 2011-06-13 19:04 - 00000000 ____D () C:\Users\skyerjoe\AppData\Local\Deployment 2014-10-12 19:48 - 2011-04-03 19:09 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{98ADFF9C-7640-4C3E-A3B7-468DC3BE102F} 2014-10-12 15:13 - 2014-07-15 18:29 - 00000000 ____D () C:\Users\sky\AppData\Roaming\ControlCenter4 2014-10-12 15:13 - 2011-04-03 19:10 - 00000000 ____D () C:\Users\sky\AppData\Local\Mozilla 2014-10-10 16:22 - 2010-12-31 17:44 - 00001318 _____ () C:\Users\skyerjoe\Desktop\Sandboxed Web Browser.lnk 2014-10-07 21:56 - 2014-06-20 01:09 - 00000000 ____D () C:\Program Files (x86)\Business Objects 2014-10-07 21:33 - 2010-06-02 15:40 - 00806468 _____ () C:\Windows\system32\perfh007.dat 2014-10-07 21:33 - 2010-06-02 15:40 - 00184872 _____ () C:\Windows\system32\perfc007.dat 2014-10-07 21:33 - 2009-07-14 07:13 - 01912276 _____ () 
C:\Windows\system32\PerfStringBackup.INI 2014-10-07 21:31 - 2010-06-02 14:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-10-07 21:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-10-07 21:02 - 2013-11-19 17:59 - 00000000 ____D () C:\Users\skyerjoe\AppData\Local\JDownloader v2.0 2014-10-04 15:18 - 2010-06-10 15:44 - 00000000 ____D () C:\Update 2014-10-02 17:50 - 2011-04-20 00:34 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation 2014-10-02 17:50 - 2010-01-30 00:44 - 00000000 ____D () C:\ProgramData\Sony Corporation 2014-10-02 17:49 - 2010-06-02 15:41 - 00000000 ____D () C:\Program Files\Sony 2014-10-02 17:49 - 2010-01-29 23:55 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-10-02 15:53 - 2010-06-30 01:44 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-24 20:38 - 2013-12-21 02:16 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-24 20:37 - 2013-11-14 17:20 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-24 20:37 - 2011-05-19 01:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl Files to move or delete: ==================== C:\Users\skyerjoe\fbchathistory.dat Some content of TEMP: ==================== C:\Users\sky\AppData\Local\Temp\AskSLib.dll C:\Users\skyerjoe\AppData\Local\Temp\0a50e25a83046228c11dcaa7eeed09bb.exe C:\Users\skyerjoe\AppData\Local\Temp\2tjmntfy.dll C:\Users\skyerjoe\AppData\Local\Temp\3-93kwq1.dll C:\Users\skyerjoe\AppData\Local\Temp\aqbarqcr.exe C:\Users\skyerjoe\AppData\Local\Temp\AskSLib.dll C:\Users\skyerjoe\AppData\Local\Temp\HitmanPro.exe C:\Users\skyerjoe\AppData\Local\Temp\IcqUpdater.exe C:\Users\skyerjoe\AppData\Local\Temp\instmsia.exe C:\Users\skyerjoe\AppData\Local\Temp\instmsiw.exe C:\Users\skyerjoe\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe 
C:\Users\skyerjoe\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\skyerjoe\AppData\Local\Temp\proxy_vole3500956037655423508.dll C:\Users\skyerjoe\AppData\Local\Temp\SandboxieInstall.exe C:\Users\skyerjoe\AppData\Local\Temp\sdanircmdc.exe C:\Users\skyerjoe\AppData\Local\Temp\sdapskill.exe C:\Users\skyerjoe\AppData\Local\Temp\setup.exe C:\Users\skyerjoe\AppData\Local\Temp\utt7C46.tmp.exe C:\Users\skyerjoe\AppData\Local\Temp\vcredist_x64.exe C:\Users\skyerjoe\AppData\Local\Temp\vlc-2.1.2-win32.exe C:\Users\skyerjoe\AppData\Local\Temp\_is5235.exe C:\Users\skyerjoe\AppData\Local\Temp\_is84E8.exe C:\Users\skyerjoe\AppData\Local\Temp\_isB78C.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-17 17:54 ==================== End Of Log ============================
Part 1: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-21 22:59:00
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465,76GB
Running: Gmer-19357(1).exe; Driver: C:\Users\skyerjoe\AppData\Local\Temp\pgtyrpod.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800035fb000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 594 fffff800035fb042 4 bytes [00, 00, 00, 00]

---- User code sections - GMER 2.1 ----
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b61c10 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b61c20 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b61c80 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b61d10 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b61d30 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b61d40 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b61db0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b61de0 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b62160 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b62190 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b621a0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b621d0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b621e0 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b62240 5 
bytes JMP 0000000077cc02a0 .text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b62290 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b622c0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b622d0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b625c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b627c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b627d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b627e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b629a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b629b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b62a20 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b62a80 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b62a90 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b62aa0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b62b80 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\winlogon.exe[868] 
C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b61360 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b613b0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b61510 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b61560 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b61570 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b61620 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b61650 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b61670 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b616b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b61730 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b61750 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b61790 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b617e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b61940 5 bytes JMP 0000000077cc0230 .text 
C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b61b00 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b61b30 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b61c10 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b61c20 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b61c80 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b61d10 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b61d30 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b61d40 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b61db0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b61de0 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b62160 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b62190 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b621a0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\svchost.exe[956] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b621d0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b621e0 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b62240 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b62290 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b622c0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b622d0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b625c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b627c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b627d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b627e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b629a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b629b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b62a20 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b62a80 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b62a90 5 bytes JMP 
0000000077cc0430 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b62aa0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b62b80 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b61360 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b613b0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b61510 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b61560 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b61570 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b61620 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b61650 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b61670 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b616b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b61730 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b61750 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b61790 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\svchost.exe[416] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b617e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b61940 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b61b00 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b61b30 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b61c10 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b61c20 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b61c80 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b61d10 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b61d30 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b61d40 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b61db0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b61de0 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b62160 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b62190 5 bytes 
JMP 0000000077cc0490 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b621a0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b621d0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b621e0 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b62240 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b62290 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b622c0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b622d0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b625c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b627c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b627d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b627e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b629a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b629b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b62a20 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\svchost.exe[416] 
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b62a80 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b62a90 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b62aa0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b62b80 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\svchost.exe[416] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4ef8d 1 byte [62] .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b61360 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b613b0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b61510 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b61560 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b61570 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b61620 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b61650 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b61670 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b616b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b61730 5 bytes JMP 0000000077cc02d0 
.text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b61750 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b61790 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b617e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b61940 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b61b00 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b61b30 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b61c10 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b61c20 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b61c80 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b61d10 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b61d30 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b61d40 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b61db0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b61de0 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\atiesrxx.exe[744] 
C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b62160 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b62190 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b621a0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b621d0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b621e0 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b62240 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b62290 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b622c0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b622d0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b625c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b627c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b627d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b627e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b629a0 5 bytes 
JMP 0000000077cc01f0 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b629b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b62a20 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b62a80 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b62a90 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b62aa0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b62b80 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4ef8d 1 byte [62] .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b61360 5 bytes JMP 0000000077cc0460 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b613b0 5 bytes JMP 0000000077cc0450 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b61510 5 bytes JMP 0000000077cc0370 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b61560 5 bytes JMP 0000000077cc0470 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b61570 5 bytes JMP 0000000077cc03e0 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b61620 5 bytes JMP 0000000077cc0320 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b61650 5 bytes JMP 0000000077cc03b0 .text C:\Windows\System32\svchost.exe[1032] 
C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b61670 5 bytes JMP 0000000077cc0390 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b616b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b61730 5 bytes JMP 0000000077cc02d0 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b61750 5 bytes JMP 0000000077cc0310 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b61790 5 bytes JMP 0000000077cc03c0 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b617e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b61940 5 bytes JMP 0000000077cc0230 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b61b00 5 bytes JMP 0000000077cc0480 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b61b30 5 bytes JMP 0000000077cc03a0 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b61c10 5 bytes JMP 0000000077cc02f0 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b61c20 5 bytes JMP 0000000077cc0350 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b61c80 5 bytes JMP 0000000077cc0290 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b61d10 5 bytes JMP 0000000077cc02b0 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b61d30 5 bytes JMP 0000000077cc03d0 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b61d40 5 bytes 
JMP 0000000077cc0330 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b61db0 5 bytes JMP 0000000077cc0410 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b61de0 5 bytes JMP 0000000077cc0240 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b62160 5 bytes JMP 0000000077cc0250 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b62190 5 bytes JMP 0000000077cc0490 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b621a0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b621d0 5 bytes JMP 0000000077cc0300 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b621e0 5 bytes JMP 0000000077cc0360 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b62240 5 bytes JMP 0000000077cc02a0 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b62290 5 bytes JMP 0000000077cc02c0 |
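A note on reading the GMER section above, with a small added example that is not part of the original thread. Every `.text` line is one user-mode hook GMER found: the first bytes of an exported function (almost all of them `ntdll.dll!Nt*`) have been overwritten with a 5-byte `JMP` to a target outside the DLL. The same set of exports is patched in every listed process, and the targets fall into one of two small regions (`00000001000701e0`–`00000001000704a0` in lsm.exe[812] and svchost.exe[1068], `0000000077cc01e0`–`0000000077cc04a0` in the others) with identical offsets inside the region, which is the footprint of one hooking component loaded into every process rather than per-process tampering. Endpoint protection products and other legitimately injected DLLs produce exactly this pattern, so these entries are not by themselves evidence of malware; what settles it is which loaded module owns the JMP target. The Python below (my own code; the constructed `SAMPLE_LOG` copies a few lines in the format the log uses, and `INJECTION_APIS` and the page-granularity `PAGE` are my own choices) parses such lines, groups the hooks per process and per trampoline region, and checks whether all processes share one hook layout.

```python
"""Parse GMER user-mode hook entries and group them per process and per trampoline region.

Added example, not part of the original thread. SAMPLE_LOG is constructed from the format
of the posted log; the grouping logic and the INJECTION_APIS selection are my own.
"""
import re
from collections import defaultdict

# One GMER ".text" entry has the shape
#   .text <process>[<pid>] <module>!<export>[ + <offset>] <address> <n> byte(s) <patch>
# where <patch> is "JMP <target>" for an inline jump hook or "[xx ...]" for raw patched bytes.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+?)!(?P<func>\w+)(?:\s*\+\s*(?P<off>\d+))?\s+"
    r"(?P<addr>[0-9a-fA-F]+)\s+(?P<size>\d+)\s+bytes?\s+(?P<patch>.+?)\s*$"
)

# Constructed sample in the exact line format GMER printed above (a subset of the hooks).
SAMPLE_LOG = r"""
.text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b61510 5 bytes JMP 0000000100070370
.text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b61650 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b61d30 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\lsm.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b61510 5 bytes JMP 0000000077cc0370
.text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b61650 5 bytes JMP 0000000077cc03b0
.text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text C:\Windows\system32\winlogon.exe[868] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4ef8d 1 byte [62]
.text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b61510 5 bytes JMP 0000000077cc0370
.text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b61650 5 bytes JMP 0000000077cc03b0
.text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 0000000077cc01e0
"""

PAGE = 0x1000  # granularity used to name a trampoline region (my choice)


def parse_hooks(text):
    """Return a list of parsed hook entries; lines that are not '.text' hook entries are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        jmp = re.fullmatch(r"JMP\s+([0-9a-fA-F]+)", d["patch"])
        hooks.append({
            "process": d["proc"].rsplit("\\", 1)[-1].lower(),
            "pid": int(d["pid"]),
            "module": d["module"].rsplit("\\", 1)[-1].lower(),
            "function": d["func"],
            "offset": int(d["off"]) if d["off"] else 0,
            "address": int(d["addr"], 16),
            "size": int(d["size"]),
            # None for a raw byte patch such as "1 byte [62]"
            "target": int(jmp.group(1), 16) if jmp else None,
        })
    return hooks


def group_by_process(hooks):
    """Map (process, pid) -> {"jmp": {function: target}, "region": page base of the lowest
    JMP target, "patches": [(function, offset, size)]}.

    Inline hooks installed by one hooking engine jump into one small block of trampolines,
    so the page-aligned base of the lowest target identifies the owning component.
    """
    out = defaultdict(lambda: {"jmp": {}, "region": None, "patches": []})
    for h in hooks:
        key = (h["process"], h["pid"])
        if h["target"] is None:
            out[key]["patches"].append((h["function"], h["offset"], h["size"]))
            continue
        out[key]["jmp"][h["function"]] = h["target"]
        base = h["target"] & ~(PAGE - 1)
        if out[key]["region"] is None or base < out[key]["region"]:
            out[key]["region"] = base
    return dict(out)


def hook_layout(proc_entry):
    """Hook layout independent of where the trampoline region was mapped:
    sorted (function, target offset within the region) pairs."""
    base = proc_entry["region"]
    return tuple(sorted((f, t - base) for f, t in proc_entry["jmp"].items()))


def distinct_layouts(grouped):
    """Number of distinct hook layouts across processes. One layout mapped at several
    addresses (0x100070000 vs 0x77cc0000 in the sample) points to a single hooking
    component present in every process, not to per-process tampering."""
    return len({hook_layout(e) for e in grouped.values() if e["jmp"]})


# Native APIs whose interception matters most to an analyst: the ones used for code
# injection, thread hijacking and driver loading (my own selection).
INJECTION_APIS = {
    "NtWriteVirtualMemory", "NtCreateThreadEx", "NtCreateThread", "NtQueueApcThreadEx",
    "NtSetContextThread", "NtLoadDriver", "NtSuspendProcess", "NtTerminateProcess",
}


def injection_hooks(grouped):
    """(process, pid) -> sorted list of hooked injection-relevant APIs."""
    return {k: sorted(set(e["jmp"]) & INJECTION_APIS) for k, e in grouped.items()}


if __name__ == "__main__":
    grouped = group_by_process(parse_hooks(SAMPLE_LOG))
    for (proc, pid), e in sorted(grouped.items()):
        print(f"{proc}[{pid}]: {len(e['jmp'])} JMP hooks into region 0x{e['region']:x}, "
              f"{len(e['patches'])} raw byte patch(es)")
    print("distinct hook layouts:", distinct_layouts(grouped))
```

Run it on the full GMER output instead of `SAMPLE_LOG` and it will report one layout for every process; the next step, resolving each region to the module mapped there (GMER's own module list or Process Explorer will show it), is what tells a protection product's hooks apart from an injected malicious DLL.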
21.10.2014, 23:42 | #3 |
After Firefox starts, it keeps trying to download a RAR file. GMER:
Part 2: Code:
0000000077cc0430 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b62aa0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b62b80 5 bytes JMP 0000000077cc0280 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b61360 5 bytes JMP 0000000077cc0460 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b613b0 5 bytes JMP 0000000077cc0450 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b61510 5 bytes JMP 0000000077cc0370 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b61560 5 bytes JMP 0000000077cc0470 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b61570 5 bytes JMP 0000000077cc03e0 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b61620 5 bytes JMP 0000000077cc0320 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b61650 5 bytes JMP 0000000077cc03b0 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b61670 5 bytes JMP 0000000077cc0390 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b616b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b61730 5 bytes JMP 0000000077cc02d0 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b61750 5 bytes JMP 0000000077cc0310 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b61790 5 bytes JMP 0000000077cc03c0 .text C:\Windows\System32\spoolsv.exe[1836] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b617e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b61940 5 bytes JMP 0000000077cc0230 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b61b00 5 bytes JMP 0000000077cc0480 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b61b30 5 bytes JMP 0000000077cc03a0 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b61c10 5 bytes JMP 0000000077cc02f0 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b61c20 5 bytes JMP 0000000077cc0350 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b61c80 5 bytes JMP 0000000077cc0290 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b61d10 5 bytes JMP 0000000077cc02b0 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b61d30 5 bytes JMP 0000000077cc03d0 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b61d40 5 bytes JMP 0000000077cc0330 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b61db0 5 bytes JMP 0000000077cc0410 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b61de0 5 bytes JMP 0000000077cc0240 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b62160 5 bytes JMP 0000000077cc0250 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 
0000000077b62190 5 bytes JMP 0000000077cc0490 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b621a0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b621d0 5 bytes JMP 0000000077cc0300 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b621e0 5 bytes JMP 0000000077cc0360 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b62240 5 bytes JMP 0000000077cc02a0 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b62290 5 bytes JMP 0000000077cc02c0 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b622c0 5 bytes JMP 0000000077cc0380 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b622d0 5 bytes JMP 0000000077cc0340 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b625c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b627c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b627d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b627e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b629a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b629b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b62a20 5 bytes JMP 0000000077cc0200 .text 
C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b62a80 5 bytes JMP 0000000077cc0420 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b62a90 5 bytes JMP 0000000077cc0430 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b62aa0 5 bytes JMP 0000000077cc0220 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b62b80 5 bytes JMP 0000000077cc0280 .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b61360 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b613b0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b61510 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b61560 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b61570 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b61620 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b61650 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b61670 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b616b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 
0000000077b61730 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b61750 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b61790 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b617e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b61940 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b61b00 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b61b30 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b61c10 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b61c20 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b61c80 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b61d10 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b61d30 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b61d40 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b61db0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b61de0 5 bytes JMP 0000000077cc0240 .text 
C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b62160 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b62190 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b621a0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b621d0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b621e0 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b62240 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b62290 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b622c0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b622d0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b625c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b627c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b627d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b627e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\svchost.exe[1880] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b629a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b629b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b62a20 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b62a80 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b62a90 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b62aa0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b62b80 5 bytes JMP 0000000077cc0280 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1256] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2fd 1 byte [62] .text C:\Program Files (x86)\avmwlanstick\WlanNetService.exe[2120] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2fd 1 byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b61360 5 bytes JMP 0000000077cc0460 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b613b0 5 bytes JMP 0000000077cc0450 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b61510 5 bytes JMP 0000000077cc0370 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b61560 5 bytes JMP 0000000077cc0470 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b61570 5 bytes JMP 
0000000077cc03e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b61620 5 bytes JMP 0000000077cc0320 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b61650 5 bytes JMP 0000000077cc03b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b61670 5 bytes JMP 0000000077cc0390 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b616b0 5 bytes JMP 0000000077cc02e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b61730 5 bytes JMP 0000000077cc02d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b61750 5 bytes JMP 0000000077cc0310 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b61790 5 bytes JMP 0000000077cc03c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b617e0 5 bytes JMP 0000000077cc03f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b61940 5 bytes JMP 0000000077cc0230 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b61b00 5 bytes JMP 0000000077cc0480 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b61b30 5 bytes JMP 0000000077cc03a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b61c10 5 bytes JMP 0000000077cc02f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b61c20 5 bytes JMP 0000000077cc0350 .text C:\Program 
Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b61c80 5 bytes JMP 0000000077cc0290 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b61d10 5 bytes JMP 0000000077cc02b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b61d30 5 bytes JMP 0000000077cc03d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b61d40 5 bytes JMP 0000000077cc0330 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b61db0 5 bytes JMP 0000000077cc0410 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b61de0 5 bytes JMP 0000000077cc0240 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 0000000077cc01e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b62160 5 bytes JMP 0000000077cc0250 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b62190 5 bytes JMP 0000000077cc0490 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b621a0 5 bytes JMP 0000000077cc04a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b621d0 5 bytes JMP 0000000077cc0300 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b621e0 5 bytes JMP 0000000077cc0360 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b62240 5 bytes JMP 0000000077cc02a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b62290 5 bytes JMP 0000000077cc02c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b622c0 5 bytes JMP 0000000077cc0380 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b622d0 5 bytes JMP 0000000077cc0340 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b625c0 5 bytes JMP 0000000077cc0440 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b627c0 5 bytes JMP 0000000077cc0260 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b627d0 5 bytes JMP 0000000077cc0270 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b627e0 5 bytes JMP 0000000077cc0400 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b629a0 5 bytes JMP 0000000077cc01f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b629b0 5 bytes JMP 0000000077cc0210 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b62a20 5 bytes JMP 0000000077cc0200 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b62a80 5 bytes JMP 0000000077cc0420 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b62a90 5 bytes JMP 0000000077cc0430 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b62aa0 5 bytes JMP 0000000077cc0220 .text C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b62b80 5 
bytes JMP 0000000077cc0280 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b61360 5 bytes JMP 0000000077cc0460 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b613b0 5 bytes JMP 0000000077cc0450 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b61510 5 bytes JMP 0000000077cc0370 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b61560 5 bytes JMP 0000000077cc0470 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b61570 5 bytes JMP 0000000077cc03e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b61620 5 bytes JMP 0000000077cc0320 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b61650 5 bytes JMP 0000000077cc03b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b61670 5 bytes JMP 0000000077cc0390 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b616b0 5 bytes JMP 0000000077cc02e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b61730 5 bytes JMP 0000000077cc02d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b61750 5 bytes JMP 0000000077cc0310 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b61790 5 bytes JMP 0000000077cc03c0 .text C:\Program 
Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b617e0 5 bytes JMP 0000000077cc03f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b61940 5 bytes JMP 0000000077cc0230 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b61b00 5 bytes JMP 0000000077cc0480 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b61b30 5 bytes JMP 0000000077cc03a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b61c10 5 bytes JMP 0000000077cc02f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b61c20 5 bytes JMP 0000000077cc0350 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b61c80 5 bytes JMP 0000000077cc0290 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b61d10 5 bytes JMP 0000000077cc02b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b61d30 5 bytes JMP 0000000077cc03d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b61d40 5 bytes JMP 0000000077cc0330 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b61db0 5 bytes JMP 0000000077cc0410 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b61de0 5 bytes JMP 0000000077cc0240 .text C:\Program Files\WIDCOMM\Bluetooth 
Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 0000000077cc01e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b62160 5 bytes JMP 0000000077cc0250 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b62190 5 bytes JMP 0000000077cc0490 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b621a0 5 bytes JMP 0000000077cc04a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b621d0 5 bytes JMP 0000000077cc0300 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b621e0 5 bytes JMP 0000000077cc0360 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b62240 5 bytes JMP 0000000077cc02a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b62290 5 bytes JMP 0000000077cc02c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b622c0 5 bytes JMP 0000000077cc0380 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b622d0 5 bytes JMP 0000000077cc0340 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b625c0 5 bytes JMP 0000000077cc0440 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b627c0 5 bytes JMP 0000000077cc0260 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b627d0 5 bytes JMP 0000000077cc0270 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b627e0 5 bytes JMP 0000000077cc0400 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b629a0 5 bytes JMP 0000000077cc01f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b629b0 5 bytes JMP 0000000077cc0210 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b62a20 5 bytes JMP 0000000077cc0200 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b62a80 5 bytes JMP 0000000077cc0420 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b62a90 5 bytes JMP 0000000077cc0430 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b62aa0 5 bytes JMP 0000000077cc0220 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b62b80 5 bytes JMP 0000000077cc0280 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b61360 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b613b0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b61510 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\svchost.exe[2260] 
C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b61560 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b61570 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b61620 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b61650 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b61670 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b616b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b61730 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b61750 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b61790 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b617e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b61940 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b61b00 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b61b30 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b61c10 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 
0000000077b61c20 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b61c80 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b61d10 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b61d30 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b61d40 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b61db0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b61de0 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b62160 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b62190 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b621a0 5 bytes JMP 0000000077cc04a0 |
21.10.2014, 23:44 | #4 |
| After Firefox starts, it keeps trying to download a RAR file. Gmer: Part 3: Code:
ATTFilter .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b621d0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b621e0 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b62240 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b62290 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b622c0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b622d0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b625c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b627c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b627d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b627e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b629a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b629b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b62a20 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b62a80 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\svchost.exe[2260] 
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b62a90 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b62aa0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b62b80 5 bytes JMP 0000000077cc0280 .text C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2400] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2476] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2fd 1 byte [62] .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b61360 5 bytes JMP 0000000077cc0460 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b613b0 5 bytes JMP 0000000077cc0450 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b61510 5 bytes JMP 0000000077cc0370 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b61560 5 bytes JMP 0000000077cc0470 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b61570 5 bytes JMP 0000000077cc03e0 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b61620 5 bytes JMP 0000000077cc0320 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b61650 5 bytes JMP 0000000077cc03b0 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b61670 5 bytes JMP 0000000077cc0390 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b616b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\System32\svchost.exe[2660] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b61730 5 bytes JMP 0000000077cc02d0 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b61750 5 bytes JMP 0000000077cc0310 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b61790 5 bytes JMP 0000000077cc03c0 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b617e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b61940 5 bytes JMP 0000000077cc0230 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b61b00 5 bytes JMP 0000000077cc0480 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b61b30 5 bytes JMP 0000000077cc03a0 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b61c10 5 bytes JMP 0000000077cc02f0 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b61c20 5 bytes JMP 0000000077cc0350 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b61c80 5 bytes JMP 0000000077cc0290 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b61d10 5 bytes JMP 0000000077cc02b0 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b61d30 5 bytes JMP 0000000077cc03d0 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b61d40 5 bytes JMP 0000000077cc0330 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b61db0 5 bytes JMP 0000000077cc0410 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b61de0 
5 bytes JMP 0000000077cc0240 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b62160 5 bytes JMP 0000000077cc0250 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b62190 5 bytes JMP 0000000077cc0490 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b621a0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b621d0 5 bytes JMP 0000000077cc0300 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b621e0 5 bytes JMP 0000000077cc0360 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b62240 5 bytes JMP 0000000077cc02a0 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b62290 5 bytes JMP 0000000077cc02c0 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b622c0 5 bytes JMP 0000000077cc0380 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b622d0 5 bytes JMP 0000000077cc0340 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b625c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b627c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b627d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b627e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\System32\svchost.exe[2660] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b629a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b629b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b62a20 5 bytes JMP 0000000077cc0200 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b62a80 5 bytes JMP 0000000077cc0420 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b62a90 5 bytes JMP 0000000077cc0430 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b62aa0 5 bytes JMP 0000000077cc0220 .text C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b62b80 5 bytes JMP 0000000077cc0280 .text C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe[2864] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2fd 1 byte [62] .text c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2900] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2fd 1 byte [62] .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b61360 5 bytes JMP 0000000077cc0460 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b613b0 5 bytes JMP 0000000077cc0450 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b61510 5 bytes JMP 0000000077cc0370 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b61560 5 bytes JMP 0000000077cc0470 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b61570 5 bytes JMP 0000000077cc03e0 .text C:\Windows\System32\svchost.exe[2924] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b61620 5 bytes JMP 0000000077cc0320 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b61650 5 bytes JMP 0000000077cc03b0 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b61670 5 bytes JMP 0000000077cc0390 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b616b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b61730 5 bytes JMP 0000000077cc02d0 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b61750 5 bytes JMP 0000000077cc0310 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b61790 5 bytes JMP 0000000077cc03c0 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b617e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b61940 5 bytes JMP 0000000077cc0230 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b61b00 5 bytes JMP 0000000077cc0480 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b61b30 5 bytes JMP 0000000077cc03a0 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b61c10 5 bytes JMP 0000000077cc02f0 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b61c20 5 bytes JMP 0000000077cc0350 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b61c80 5 bytes JMP 0000000077cc0290 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b61d10 5 
bytes JMP 0000000077cc02b0 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b61d30 5 bytes JMP 0000000077cc03d0 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b61d40 5 bytes JMP 0000000077cc0330 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b61db0 5 bytes JMP 0000000077cc0410 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b61de0 5 bytes JMP 0000000077cc0240 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b62160 5 bytes JMP 0000000077cc0250 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b62190 5 bytes JMP 0000000077cc0490 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b621a0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b621d0 5 bytes JMP 0000000077cc0300 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b621e0 5 bytes JMP 0000000077cc0360 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b62240 5 bytes JMP 0000000077cc02a0 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b62290 5 bytes JMP 0000000077cc02c0 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b622c0 5 bytes JMP 0000000077cc0380 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b622d0 5 bytes JMP 0000000077cc0340 .text C:\Windows\System32\svchost.exe[2924] 
C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b625c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b627c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b627d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b627e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b629a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b629b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b62a20 5 bytes JMP 0000000077cc0200 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b62a80 5 bytes JMP 0000000077cc0420 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b62a90 5 bytes JMP 0000000077cc0430 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b62aa0 5 bytes JMP 0000000077cc0220 .text C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b62b80 5 bytes JMP 0000000077cc0280 .text C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe[2948] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2fd 1 byte [62] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3004] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2fd 1 byte [62] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077021465 2 bytes [02, 77] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3004] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770214bb 2 bytes [02, 77] .text ... * 2 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3040] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2fd 1 byte [62] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077021465 2 bytes [02, 77] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770214bb 2 bytes [02, 77] .text ... * 2 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b61360 5 bytes JMP 0000000100290460 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b613b0 5 bytes JMP 0000000100290450 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b61510 5 bytes JMP 0000000100290370 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b61560 5 bytes JMP 0000000100290470 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b61570 5 bytes JMP 00000001002903e0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b61620 5 bytes JMP 0000000100290320 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b61650 5 bytes JMP 00000001002903b0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b61670 5 bytes JMP 0000000100290390 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b616b0 5 bytes JMP 00000001002902e0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b61730 5 bytes JMP 00000001002902d0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b61750 5 bytes JMP 0000000100290310 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b61790 5 bytes JMP 00000001002903c0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b617e0 5 bytes JMP 00000001002903f0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b61940 5 bytes JMP 0000000100290230 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b61b00 5 bytes JMP 0000000100290480 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b61b30 5 bytes JMP 00000001002903a0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b61c10 5 bytes JMP 00000001002902f0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b61c20 5 bytes JMP 0000000100290350 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b61c80 5 bytes JMP 0000000100290290 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b61d10 5 bytes JMP 00000001002902b0 .text c:\Program Files\Microsoft SQL 
Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b61d30 5 bytes JMP 00000001002903d0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b61d40 5 bytes JMP 0000000100290330 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b61db0 5 bytes JMP 0000000100290410 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b61de0 5 bytes JMP 0000000100290240 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 00000001002901e0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b62160 5 bytes JMP 0000000100290250 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b62190 5 bytes JMP 0000000100290490 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b621a0 5 bytes JMP 00000001002904a0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b621d0 5 bytes JMP 0000000100290300 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b621e0 5 bytes JMP 0000000100290360 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b62240 5 bytes JMP 00000001002902a0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b62290 5 bytes JMP 00000001002902c0 .text c:\Program 
Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b622c0 5 bytes JMP 0000000100290380 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b622d0 5 bytes JMP 0000000100290340 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b625c0 5 bytes JMP 0000000100290440 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b627c0 5 bytes JMP 0000000100290260 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b627d0 5 bytes JMP 0000000100290270 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b627e0 5 bytes JMP 0000000100290400 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b629a0 5 bytes JMP 00000001002901f0 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b629b0 5 bytes JMP 0000000100290210 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b62a20 5 bytes JMP 0000000100290200 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b62a80 5 bytes JMP 0000000100290420 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b62a90 5 bytes JMP 0000000100290430 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b62aa0 5 bytes JMP 0000000100290220 
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b62b80 5 bytes JMP 0000000100290280 .text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b61360 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b613b0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b61510 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b61560 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b61570 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b61620 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b61650 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b61670 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b616b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b61730 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b61750 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b61790 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b617e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\svchost.exe[2364] 
C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b61940 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b61b00 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b61b30 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b61c10 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b61c20 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b61c80 5 bytes JMP 0000000077cc0290 .text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b61d10 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b61d30 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b61d40 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b61db0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b61de0 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b62160 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b62190 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 
0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b621d0 5 bytes JMP 0000000077cc0300
.text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b621e0 5 bytes JMP 0000000077cc0360
.text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b62240 5 bytes JMP 0000000077cc02a0
.text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b62290 5 bytes JMP 0000000077cc02c0
.text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b622c0 5 bytes JMP 0000000077cc0380
.text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b622d0 5 bytes JMP 0000000077cc0340
.text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b625c0 5 bytes JMP 0000000077cc0440
.text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b627c0 5 bytes JMP 0000000077cc0260
.text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b627d0 5 bytes JMP 0000000077cc0270
.text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b627e0 5 bytes JMP 0000000077cc0400
.text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b629b0 5 bytes JMP 0000000077cc0210
.text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b62a20 5 bytes JMP 0000000077cc0200
.text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b62a80 5 bytes JMP 0000000077cc0420
.text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b62a90 5 bytes JMP 0000000077cc0430
.text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b62b80 5 bytes JMP 0000000077cc0280
.text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[2296] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2fd 1 byte [62]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[2572] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2fd 1 byte [62]
.text C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe[2072] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2fd 1 byte [62]
.text C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077021465 2 bytes [02, 77]
.text C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770214bb 2 bytes [02, 77]
.text ... * 2
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b61360 5 bytes JMP 0000000077cc0460
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b613b0 5 bytes JMP 0000000077cc0450
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b61510 5 bytes JMP 0000000077cc0370
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b61560 5 bytes JMP 0000000077cc0470
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b61570 5 bytes JMP 0000000077cc03e0
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b61620 5 bytes JMP 0000000077cc0320
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b61650 5 bytes JMP 0000000077cc03b0
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b61670 5 bytes JMP 0000000077cc0390
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b61730 5 bytes JMP 0000000077cc02d0
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b61750 5 bytes JMP 0000000077cc0310
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b61790 5 bytes JMP 0000000077cc03c0
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b61940 5 bytes JMP 0000000077cc0230
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b61b00 5 bytes JMP 0000000077cc0480
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b61c20 5 bytes JMP 0000000077cc0350
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b61c80 5 bytes JMP 0000000077cc0290
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b61d40 5 bytes JMP 0000000077cc0330
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b61db0 5 bytes JMP 0000000077cc0410
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b61de0 5 bytes JMP 0000000077cc0240
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b62160 5 bytes JMP 0000000077cc0250
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b62190 5 bytes JMP 0000000077cc0490
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b621d0 5 bytes JMP 0000000077cc0300
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b621e0 5 bytes JMP 0000000077cc0360
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b62240 5 bytes JMP 0000000077cc02a0
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b62290 5 bytes JMP 0000000077cc02c0
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b622c0 5 bytes JMP 0000000077cc0380
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b622d0 5 bytes JMP 0000000077cc0340
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b625c0 5 bytes JMP 0000000077cc0440
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b627c0 5 bytes JMP 0000000077cc0260
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b627d0 5 bytes JMP 0000000077cc0270
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b627e0 5 bytes JMP 0000000077cc0400
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b629b0 5 bytes JMP 0000000077cc0210
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b62a20 5 bytes JMP 0000000077cc0200
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b62a80 5 bytes JMP 0000000077cc0420
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b62a90 5 bytes JMP 0000000077cc0430
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b62b80 5 bytes JMP 0000000077cc0280
.text C:\Windows\System32\svchost.exe[3104] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4ef8d 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3160] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000075b8a2fd 1 byte [62]
.text C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe[3244] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2fd 1 byte [62]
.text C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe[3244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077021465 2 bytes [02, 77]
.text C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe[3244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770214bb 2 bytes [02, 77]
.text ... * 2
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b61360 5 bytes JMP 0000000077cc0460
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b613b0 5 bytes JMP 0000000077cc0450
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b61510 5 bytes JMP 0000000077cc0370
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b61560 5 bytes JMP 0000000077cc0470
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b61570 5 bytes JMP 0000000077cc03e0
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b61620 5 bytes JMP 0000000077cc0320
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b61650 5 bytes JMP 0000000077cc03b0
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b61670 5 bytes JMP 0000000077cc0390
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b61730 5 bytes JMP 0000000077cc02d0
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b61750 5 bytes JMP 0000000077cc0310
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b61790 5 bytes JMP 0000000077cc03c0
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b61940 5 bytes JMP 0000000077cc0230
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b61b00 5 bytes JMP 0000000077cc0480
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b61c20 5 bytes JMP 0000000077cc0350
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b61c80 5 bytes JMP 0000000077cc0290
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b61d40 5 bytes JMP 0000000077cc0330
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b61db0 5 bytes JMP 0000000077cc0410
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b61de0 5 bytes JMP 0000000077cc0240
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b62160 5 bytes JMP 0000000077cc0250
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b62190 5 bytes JMP 0000000077cc0490
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b621d0 5 bytes JMP 0000000077cc0300
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b621e0 5 bytes JMP 0000000077cc0360
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b62240 5 bytes JMP 0000000077cc02a0
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b62290 5 bytes JMP 0000000077cc02c0
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b622c0 5 bytes JMP 0000000077cc0380
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b622d0 5 bytes JMP 0000000077cc0340
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b625c0 5 bytes JMP 0000000077cc0440
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b627c0 5 bytes JMP 0000000077cc0260
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b627d0 5 bytes JMP 0000000077cc0270
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b627e0 5 bytes JMP 0000000077cc0400
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b629b0 5 bytes JMP 0000000077cc0210
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b62a20 5 bytes JMP 0000000077cc0200
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b62a80 5 bytes JMP 0000000077cc0420
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b62a90 5 bytes JMP 0000000077cc0430
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b62b80 5 bytes JMP 0000000077cc0280
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b61360 5 bytes JMP 0000000077cc0460
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b613b0 5 bytes JMP 0000000077cc0450
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b61510 5 bytes JMP 0000000077cc0370
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b61560 5 bytes JMP 0000000077cc0470
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b61570 5 bytes JMP 0000000077cc03e0
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b61620 5 bytes JMP 0000000077cc0320
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b61650 5 bytes JMP 0000000077cc03b0
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b61670 5 bytes JMP 0000000077cc0390
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b61730 5 bytes JMP 0000000077cc02d0
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b61750 5 bytes JMP 0000000077cc0310
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b61790 5 bytes JMP 0000000077cc03c0
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b61940 5 bytes JMP 0000000077cc0230
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b61b00 5 bytes JMP 0000000077cc0480
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b61c20 5 bytes JMP 0000000077cc0350
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b61c80 5 bytes JMP 0000000077cc0290
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b61d40 5 bytes JMP 0000000077cc0330
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b61db0 5 bytes JMP 0000000077cc0410
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b61de0 5 bytes JMP 0000000077cc0240
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b62160 5 bytes JMP 0000000077cc0250
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b62190 5 bytes JMP 0000000077cc0490
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b621d0 5 bytes JMP 0000000077cc0300
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b621e0 5 bytes JMP 0000000077cc0360
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b62240 5 bytes JMP 0000000077cc02a0
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b62290 5 bytes JMP 0000000077cc02c0
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b622c0 5 bytes JMP 0000000077cc0380
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b622d0 5 bytes JMP 0000000077cc0340
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b625c0 5 bytes JMP 0000000077cc0440
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b627c0 5 bytes JMP 0000000077cc0260
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b627d0 5 bytes JMP 0000000077cc0270
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b627e0 5 bytes JMP 0000000077cc0400
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b629b0 5 bytes JMP 0000000077cc0210
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b62a20 5 bytes JMP 0000000077cc0200
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b62a80 5 bytes JMP 0000000077cc0420
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b62a90 5 bytes JMP 0000000077cc0430
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b62b80 5 bytes JMP 0000000077cc0280
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b61360 5 bytes JMP 0000000077cc0460
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b613b0 5 bytes JMP 0000000077cc0450
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b61510 5 bytes JMP 0000000077cc0370
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b61560 5 bytes JMP 0000000077cc0470
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b61570 5 bytes JMP 0000000077cc03e0
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b61620 5 bytes JMP 0000000077cc0320
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b61650 5 bytes JMP 0000000077cc03b0
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b61670 5 bytes JMP 0000000077cc0390
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b61730 5 bytes JMP 0000000077cc02d0
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b61750 5 bytes JMP 0000000077cc0310
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b61790 5 bytes JMP 0000000077cc03c0
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b61940 5 bytes JMP 0000000077cc0230
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b61b00 5 bytes JMP 0000000077cc0480
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b61c20 5 bytes JMP 0000000077cc0350
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b61c80 5 bytes JMP 0000000077cc0290
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b61d40 5 bytes JMP 0000000077cc0330
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b61db0 5 bytes JMP 0000000077cc0410
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b61de0 5 bytes JMP 0000000077cc0240
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b62160 5 bytes JMP 0000000077cc0250
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b62190 5 bytes JMP 0000000077cc0490
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b621d0 5 bytes JMP 0000000077cc0300
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b621e0 5 bytes JMP 0000000077cc0360
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b62240 5 bytes JMP 0000000077cc02a0
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b62290 5 bytes JMP 0000000077cc02c0
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b622c0 5 bytes JMP 0000000077cc0380
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b622d0 5 bytes JMP 0000000077cc0340
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b625c0 5 bytes JMP 0000000077cc0440
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b627c0 5 bytes JMP 0000000077cc0260
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b627d0 5 bytes JMP 0000000077cc0270
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b627e0 5 bytes JMP 0000000077cc0400
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b629b0 5 bytes JMP 0000000077cc0210
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b62a20 5 bytes JMP 0000000077cc0200
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b62a80 5 bytes JMP 0000000077cc0420
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b62a90 5 bytes JMP 0000000077cc0430
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b62b80 5 bytes JMP 0000000077cc0280
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b61360 5 bytes JMP 0000000077cc0460
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b613b0 5 bytes JMP 0000000077cc0450
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b61510 5 bytes JMP 0000000077cc0370
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b61560 5 bytes JMP 0000000077cc0470
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b61570 5 bytes JMP 0000000077cc03e0
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b61620 5 bytes JMP 0000000077cc0320
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b61650 5 bytes JMP 0000000077cc03b0
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b61670 5 bytes JMP 0000000077cc0390
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b61730 5 bytes JMP 0000000077cc02d0
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b61750 5 bytes JMP 0000000077cc0310
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b61790 5 bytes JMP 0000000077cc03c0
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b61940 5 bytes JMP 0000000077cc0230
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b61b00 5 bytes JMP 0000000077cc0480
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b61c20 5 bytes JMP 0000000077cc0350
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b61c80 5 bytes JMP 0000000077cc0290
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b61d40 5 bytes JMP 0000000077cc0330
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b61db0 5 bytes JMP 0000000077cc0410
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b61de0 5 bytes JMP 0000000077cc0240
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b62160 5 bytes JMP 0000000077cc0250
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b62190 5 bytes JMP 0000000077cc0490
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b621d0 5 bytes JMP 0000000077cc0300
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b621e0 5 bytes JMP 0000000077cc0360
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b62240 5 bytes JMP 0000000077cc02a0
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b62290 5 bytes JMP 0000000077cc02c0
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b622c0 5 bytes JMP 0000000077cc0380
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b622d0 5 bytes JMP 0000000077cc0340
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b625c0 5 bytes JMP 0000000077cc0440
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b627c0 5 bytes JMP 0000000077cc0260
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b627d0 5 bytes JMP 0000000077cc0270
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b627e0 5 bytes JMP 0000000077cc0400
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b629b0 5 bytes JMP 0000000077cc0210
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b62a20 5 bytes JMP 0000000077cc0200
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b62a80 5 bytes JMP 0000000077cc0420
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b62a90 5 bytes JMP 0000000077cc0430
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b62b80 5 bytes JMP 0000000077cc0280
.text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b61360 5 bytes JMP 0000000077cc0460
.text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b613b0 5 bytes JMP 0000000077cc0450
.text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b61510 5 bytes JMP 0000000077cc0370
.text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b61560 5 bytes JMP 0000000077cc0470
.text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b61570 5 bytes JMP 0000000077cc03e0
.text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b61620 5 bytes JMP 0000000077cc0320
.text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b61650 5 bytes JMP 0000000077cc03b0
.text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b61670 5 bytes JMP 0000000077cc0390
.text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b61730 5 bytes JMP 0000000077cc02d0
.text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b61750 5 bytes JMP 0000000077cc0310
.text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b61790 5 bytes JMP 0000000077cc03c0
.text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b61940 5 bytes JMP 0000000077cc0230
.text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b61b00 5 bytes JMP 0000000077cc0480
.text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b61c20 5 bytes JMP 0000000077cc0350
.text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b61c80 5 bytes JMP 0000000077cc0290
.text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b61d40 5 bytes JMP 0000000077cc0330
.text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b61db0 5 bytes JMP 0000000077cc0410
.text C:\Windows\Explorer.EXE[4292]
C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b61de0 5 bytes JMP 0000000077cc0240 .text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b62160 5 bytes JMP 0000000077cc0250 .text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b62190 5 bytes JMP 0000000077cc0490 .text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b621a0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b621d0 5 bytes JMP 0000000077cc0300 .text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b621e0 5 bytes JMP 0000000077cc0360 .text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b62240 5 bytes JMP 0000000077cc02a0 .text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b62290 5 bytes JMP 0000000077cc02c0 .text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b622c0 5 bytes JMP 0000000077cc0380 .text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b622d0 5 bytes JMP 0000000077cc0340 .text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b625c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b627c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b627d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b627e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 
0000000077b629a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b629b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b62a20 5 bytes JMP 0000000077cc0200 .text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b62a80 5 bytes JMP 0000000077cc0420 .text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b62a90 5 bytes JMP 0000000077cc0430 .text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b62aa0 5 bytes JMP 0000000077cc0220 .text C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b62b80 5 bytes JMP 0000000077cc0280 .text C:\Windows\Explorer.EXE[4292] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4ef8d 1 byte [62] .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b61360 5 bytes JMP 0000000077cc0460 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b613b0 5 bytes JMP 0000000077cc0450 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b61510 5 bytes JMP 0000000077cc0370 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b61560 5 bytes JMP 0000000077cc0470 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b61570 5 bytes JMP 0000000077cc03e0 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b61620 5 bytes JMP 0000000077cc0320 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b61650 5 bytes JMP 0000000077cc03b0 .text C:\Program Files\Apoint\Apoint.exe[4876] 
C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b61670 5 bytes JMP 0000000077cc0390 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b616b0 5 bytes JMP 0000000077cc02e0 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b61730 5 bytes JMP 0000000077cc02d0 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b61750 5 bytes JMP 0000000077cc0310 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b61790 5 bytes JMP 0000000077cc03c0 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b617e0 5 bytes JMP 0000000077cc03f0 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b61940 5 bytes JMP 0000000077cc0230 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b61b00 5 bytes JMP 0000000077cc0480 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b61b30 5 bytes JMP 0000000077cc03a0 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b61c10 5 bytes JMP 0000000077cc02f0 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b61c20 5 bytes JMP 0000000077cc0350 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b61c80 5 bytes JMP 0000000077cc0290 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b61d10 5 bytes JMP 0000000077cc02b0 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b61d30 5 bytes JMP 0000000077cc03d0 .text C:\Program Files\Apoint\Apoint.exe[4876] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b61d40 5 bytes JMP 0000000077cc0330 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b61db0 5 bytes JMP 0000000077cc0410 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b61de0 5 bytes JMP 0000000077cc0240 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 0000000077cc01e0 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b62160 5 bytes JMP 0000000077cc0250 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b62190 5 bytes JMP 0000000077cc0490 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b621a0 5 bytes JMP 0000000077cc04a0 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b621d0 5 bytes JMP 0000000077cc0300 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b621e0 5 bytes JMP 0000000077cc0360 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b62240 5 bytes JMP 0000000077cc02a0 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b62290 5 bytes JMP 0000000077cc02c0 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b622c0 5 bytes JMP 0000000077cc0380 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b622d0 5 bytes JMP 0000000077cc0340 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b625c0 5 bytes JMP 0000000077cc0440 .text C:\Program Files\Apoint\Apoint.exe[4876] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b627c0 5 bytes JMP 0000000077cc0260 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b627d0 5 bytes JMP 0000000077cc0270 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b627e0 5 bytes JMP 0000000077cc0400 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b629a0 5 bytes JMP 0000000077cc01f0 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b629b0 5 bytes JMP 0000000077cc0210 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b62a20 5 bytes JMP 0000000077cc0200 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b62a80 5 bytes JMP 0000000077cc0420 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b62a90 5 bytes JMP 0000000077cc0430 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b62aa0 5 bytes JMP 0000000077cc0220 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b62b80 5 bytes JMP 0000000077cc0280 .text C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4ef8d 1 byte [62] .text C:\Windows\System32\PrintDisp.exe[4960] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2fd 1 byte [62] .text C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b61360 5 bytes JMP 0000000077cc0460 .text C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b613b0 5 bytes JMP 0000000077cc0450 .text C:\Program Files\Apoint\ApMsgFwd.exe[4336] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b61510 5 bytes JMP 0000000077cc0370 .text C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b61560 5 bytes JMP 0000000077cc0470 .text C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b61570 5 bytes JMP 0000000077cc03e0 .text C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b61620 5 bytes JMP 0000000077cc0320 .text C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b61650 5 bytes JMP 0000000077cc03b0 .text C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b61670 5 bytes JMP 0000000077cc0390 .text C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b616b0 5 bytes JMP 0000000077cc02e0 .text C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b61730 5 bytes JMP 0000000077cc02d0 .text C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b61750 5 bytes JMP 0000000077cc0310 .text C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b61790 5 bytes JMP 0000000077cc03c0 .text C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b617e0 5 bytes JMP 0000000077cc03f0 .text C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b61940 5 bytes JMP 0000000077cc0230 .text C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b61b00 5 bytes JMP 0000000077cc0480 .text C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b61b30 5 bytes JMP 0000000077cc03a0 .text C:\Program 
Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b61c10 5 bytes JMP 0000000077cc02f0 .text C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b61c20 5 bytes JMP 0000000077cc0350 .text C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b61c80 5 bytes JMP 0000000077cc0290 .text C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b61d10 5 bytes JMP 0000000077cc02b0 .text C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b61d30 5 bytes JMP 0000000077cc03d0 .text C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b61d40 5 bytes JMP 0000000077cc0330 .text C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b61db0 5 bytes JMP 0000000077cc0410 .text C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b61de0 5 bytes JMP 0000000077cc0240 .text C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 0000000077cc01e0 .text C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b62160 5 bytes JMP 0000000077cc0250 .text C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b62190 5 bytes JMP 0000000077cc0490 .text C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b621a0 5 bytes JMP 0000000077cc04a0 .text C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b621d0 5 bytes JMP 0000000077cc0300 .text C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b621e0 5 bytes JMP 0000000077cc0360 |
21.10.2014, 23:45 | #5 |
After Firefox starts, it keeps trying to download a RAR file. GMER: Part 4: Code:
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b629b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b62a20 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b62a80 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b62a90 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b62aa0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b62b80 5 bytes JMP 0000000077cc0280 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b61360 5 bytes JMP 0000000077cc0460 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b613b0 5 bytes JMP 0000000077cc0450 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b61510 5 bytes JMP 0000000077cc0370 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b61560 5 bytes JMP 0000000077cc0470 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b61570 5 bytes JMP 0000000077cc03e0 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b61620 5 bytes JMP 0000000077cc0320 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b61650 5 bytes JMP 0000000077cc03b0 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b61670 5 bytes JMP 0000000077cc0390 .text C:\Program Files\Apoint\Apntex.exe[4920] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b616b0 5 bytes JMP 0000000077cc02e0 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b61730 5 bytes JMP 0000000077cc02d0 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b61750 5 bytes JMP 0000000077cc0310 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b61790 5 bytes JMP 0000000077cc03c0 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b617e0 5 bytes JMP 0000000077cc03f0 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b61940 5 bytes JMP 0000000077cc0230 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b61b00 5 bytes JMP 0000000077cc0480 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b61b30 5 bytes JMP 0000000077cc03a0 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b61c10 5 bytes JMP 0000000077cc02f0 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b61c20 5 bytes JMP 0000000077cc0350 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b61c80 5 bytes JMP 0000000077cc0290 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b61d10 5 bytes JMP 0000000077cc02b0 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b61d30 5 bytes JMP 0000000077cc03d0 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b61d40 5 bytes JMP 0000000077cc0330 .text C:\Program Files\Apoint\Apntex.exe[4920] 
C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b61db0 5 bytes JMP 0000000077cc0410 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b61de0 5 bytes JMP 0000000077cc0240 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 0000000077cc01e0 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b62160 5 bytes JMP 0000000077cc0250 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b62190 5 bytes JMP 0000000077cc0490 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b621a0 5 bytes JMP 0000000077cc04a0 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b621d0 5 bytes JMP 0000000077cc0300 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b621e0 5 bytes JMP 0000000077cc0360 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b62240 5 bytes JMP 0000000077cc02a0 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b62290 5 bytes JMP 0000000077cc02c0 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b622c0 5 bytes JMP 0000000077cc0380 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b622d0 5 bytes JMP 0000000077cc0340 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b625c0 5 bytes JMP 0000000077cc0440 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b627c0 5 bytes JMP 0000000077cc0260 .text C:\Program Files\Apoint\Apntex.exe[4920] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b627d0 5 bytes JMP 0000000077cc0270 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b627e0 5 bytes JMP 0000000077cc0400 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b629a0 5 bytes JMP 0000000077cc01f0 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b629b0 5 bytes JMP 0000000077cc0210 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b62a20 5 bytes JMP 0000000077cc0200 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b62a80 5 bytes JMP 0000000077cc0420 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b62a90 5 bytes JMP 0000000077cc0430 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b62aa0 5 bytes JMP 0000000077cc0220 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b62b80 5 bytes JMP 0000000077cc0280 .text C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4ef8d 1 byte [62] .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b61360 5 bytes JMP 0000000077cc0460 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b613b0 5 bytes JMP 0000000077cc0450 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b61510 5 bytes JMP 0000000077cc0370 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b61560 5 bytes JMP 0000000077cc0470 .text C:\Windows\system32\conhost.exe[4912] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b61570 5 bytes JMP 0000000077cc03e0 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b61620 5 bytes JMP 0000000077cc0320 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b61650 5 bytes JMP 0000000077cc03b0 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b61670 5 bytes JMP 0000000077cc0390 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b616b0 5 bytes JMP 0000000077cc02e0 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b61730 5 bytes JMP 0000000077cc02d0 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b61750 5 bytes JMP 0000000077cc0310 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b61790 5 bytes JMP 0000000077cc03c0 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b617e0 5 bytes JMP 0000000077cc03f0 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b61940 5 bytes JMP 0000000077cc0230 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b61b00 5 bytes JMP 0000000077cc0480 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b61b30 5 bytes JMP 0000000077cc03a0 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b61c10 5 bytes JMP 0000000077cc02f0 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b61c20 5 bytes JMP 0000000077cc0350 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b61c80 5 
bytes JMP 0000000077cc0290 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b61d10 5 bytes JMP 0000000077cc02b0 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b61d30 5 bytes JMP 0000000077cc03d0 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b61d40 5 bytes JMP 0000000077cc0330 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b61db0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b61de0 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b62160 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b62190 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b621a0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b621d0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b621e0 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b62240 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b62290 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b622c0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\conhost.exe[4912] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b622d0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b625c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b627c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b627d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b627e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b629a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b629b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b62a20 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b62a80 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b62a90 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b62aa0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b62b80 5 bytes JMP 0000000077cc0280 .text C:\Windows\system32\conhost.exe[4912] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a4ef8d 1 byte [62] .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b61360 5 bytes JMP 0000000077cc0460 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b613b0 5 bytes 
JMP 0000000077cc0450 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b61510 5 bytes JMP 0000000077cc0370 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b61560 5 bytes JMP 0000000077cc0470 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b61570 5 bytes JMP 0000000077cc03e0 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b61620 5 bytes JMP 0000000077cc0320 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b61650 5 bytes JMP 0000000077cc03b0 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b61670 5 bytes JMP 0000000077cc0390 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b616b0 5 bytes JMP 0000000077cc02e0 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b61730 5 bytes JMP 0000000077cc02d0 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b61750 5 bytes JMP 0000000077cc0310 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b61790 5 bytes JMP 0000000077cc03c0 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b617e0 5 bytes JMP 0000000077cc03f0 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b61940 5 bytes JMP 0000000077cc0230 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b61b00 5 bytes JMP 0000000077cc0480 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b61b30 5 bytes JMP 0000000077cc03a0 .text C:\Program 
Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b61c10 5 bytes JMP 0000000077cc02f0 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b61c20 5 bytes JMP 0000000077cc0350 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b61c80 5 bytes JMP 0000000077cc0290 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b61d10 5 bytes JMP 0000000077cc02b0 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b61d30 5 bytes JMP 0000000077cc03d0 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b61d40 5 bytes JMP 0000000077cc0330 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b61db0 5 bytes JMP 0000000077cc0410 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b61de0 5 bytes JMP 0000000077cc0240 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 0000000077cc01e0 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b62160 5 bytes JMP 0000000077cc0250 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b62190 5 bytes JMP 0000000077cc0490 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b621a0 5 bytes JMP 0000000077cc04a0 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b621d0 5 bytes JMP 0000000077cc0300 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b621e0 5 bytes JMP 0000000077cc0360 .text C:\Program Files\Apoint\Apvfb.exe[5060] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b62240 5 bytes JMP 0000000077cc02a0 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b62290 5 bytes JMP 0000000077cc02c0 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b622c0 5 bytes JMP 0000000077cc0380 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b622d0 5 bytes JMP 0000000077cc0340 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b625c0 5 bytes JMP 0000000077cc0440 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b627c0 5 bytes JMP 0000000077cc0260 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b627d0 5 bytes JMP 0000000077cc0270 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b627e0 5 bytes JMP 0000000077cc0400 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b629a0 5 bytes JMP 0000000077cc01f0 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b629b0 5 bytes JMP 0000000077cc0210 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b62a20 5 bytes JMP 0000000077cc0200 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b62a80 5 bytes JMP 0000000077cc0420 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b62a90 5 bytes JMP 0000000077cc0430 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b62aa0 5 bytes JMP 0000000077cc0220 .text C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 
0000000077b62b80 5 bytes JMP 0000000077cc0280 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b61360 5 bytes JMP 0000000077cc0460 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b613b0 5 bytes JMP 0000000077cc0450 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b61510 5 bytes JMP 0000000077cc0370 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b61560 5 bytes JMP 0000000077cc0470 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b61570 5 bytes JMP 0000000077cc03e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b61620 5 bytes JMP 0000000077cc0320 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b61650 5 bytes JMP 0000000077cc03b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b61670 5 bytes JMP 0000000077cc0390 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b616b0 5 bytes JMP 0000000077cc02e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b61730 5 bytes JMP 0000000077cc02d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b61750 5 bytes JMP 0000000077cc0310 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b61790 5 bytes JMP 0000000077cc03c0 .text C:\Program 
Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b617e0 5 bytes JMP 0000000077cc03f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b61940 5 bytes JMP 0000000077cc0230 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b61b00 5 bytes JMP 0000000077cc0480 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b61b30 5 bytes JMP 0000000077cc03a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b61c10 5 bytes JMP 0000000077cc02f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b61c20 5 bytes JMP 0000000077cc0350 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b61c80 5 bytes JMP 0000000077cc0290 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b61d10 5 bytes JMP 0000000077cc02b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b61d30 5 bytes JMP 0000000077cc03d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b61d40 5 bytes JMP 0000000077cc0330 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b61db0 5 bytes JMP 0000000077cc0410 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b61de0 5 bytes JMP 0000000077cc0240 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] 
C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 0000000077cc01e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b62160 5 bytes JMP 0000000077cc0250 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b62190 5 bytes JMP 0000000077cc0490 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b621a0 5 bytes JMP 0000000077cc04a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b621d0 5 bytes JMP 0000000077cc0300 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b621e0 5 bytes JMP 0000000077cc0360 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b62240 5 bytes JMP 0000000077cc02a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b62290 5 bytes JMP 0000000077cc02c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b622c0 5 bytes JMP 0000000077cc0380 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b622d0 5 bytes JMP 0000000077cc0340 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b625c0 5 bytes JMP 0000000077cc0440 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b627c0 5 bytes JMP 0000000077cc0260 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b627d0 5 bytes JMP 
|
21.10.2014, 23:47 | #6 |
| After Firefox starts, it constantly tries to download a RAR file. GMER: Part 5: Code:
C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b61db0 5 bytes JMP 0000000077cc0410 .text C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b61de0 5 bytes JMP 0000000077cc0240 .text C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 0000000077cc01e0 .text C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b62160 5 bytes JMP 0000000077cc0250 .text C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b62190 5 bytes JMP 0000000077cc0490 .text C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b621a0 5 bytes JMP 0000000077cc04a0 .text C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b621d0 5 bytes JMP 0000000077cc0300 .text C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b621e0 5 bytes JMP 0000000077cc0360 .text C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b62240 5 bytes JMP 0000000077cc02a0 .text C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b62290 5 bytes JMP 0000000077cc02c0 .text C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b622c0 5 bytes JMP 0000000077cc0380 .text C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b622d0 5 bytes JMP 0000000077cc0340 .text C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b625c0 5 bytes JMP 0000000077cc0440 .text C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b627c0 5 bytes JMP 0000000077cc0260 .text C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 
0000000077b627d0 5 bytes JMP 0000000077cc0270 .text C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b627e0 5 bytes JMP 0000000077cc0400 .text C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b629a0 5 bytes JMP 0000000077cc01f0 .text C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b629b0 5 bytes JMP 0000000077cc0210 .text C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b62a20 5 bytes JMP 0000000077cc0200 .text C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b62a80 5 bytes JMP 0000000077cc0420 .text C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b62a90 5 bytes JMP 0000000077cc0430 .text C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b62aa0 5 bytes JMP 0000000077cc0220 .text C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b62b80 5 bytes JMP 0000000077cc0280 .text C:\Users\skyerjoe\Downloads\Gmer-19357(1).exe[5612] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2fd 1 byte [62] ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076a27abb Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x72 0x7B 0x6C 0x43 ... 
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076a27abb (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x72 0x7B 0x6C 0x43 ... ---- EOF - GMER 2.1 ---- Code:
C:\Program Files (x86)\ICQ7.2\upgrade\2dcd1d63cb45e6613582211c3d5f4b23 Win32/OpenCandy potentially unsafe application
C:\Program Files (x86)\ICQ7.2\upgrade\53e83dd5315bfb1f928441c9b4618b68 Win32/OpenCandy potentially unsafe application
C:\Program Files (x86)\SIW\siw.exe variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application
C:\UBCD4Win\UBCD4WinBuilder.iso variant of Win32/Toolbar.Conduit.I potentially unwanted application
C:\UBCD4Win\UBCD4Windows2.iso variant of Win32/Toolbar.Conduit.I potentially unwanted application
C:\UBCD4Win\BartPE\plugin\CDBurning\ExpressBurn\expressburn.exe variant of Win32/Toolbar.Conduit.I potentially unwanted application
C:\UBCD4Win\BartPE\plugin\Cleanup Tools\SDFix\SDFix.exe Win32/PrcView potentially unsafe application
C:\UBCD4Win\BartPE\plugin\System-Info\Information\SysInfo\sysinfo.7z variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application
C:\UBCD4Win\BartPE\PROGRAMS\ExpressBurn\expressburn.exe variant of Win32/Toolbar.Conduit.I potentially unwanted application
C:\UBCD4Win\BartPE\PROGRAMS\sdfix\SDFix.exe Win32/PrcView potentially unsafe application
C:\UBCD4Win\BartPE\PROGRAMS\SysInfo\sysinfo.7z variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application
C:\UBCD4Win\plugin\CDBurning\ExpressBurn\expressburn.exe variant of Win32/Toolbar.Conduit.I potentially unwanted application
C:\UBCD4Win\plugin\Cleanup Tools\SDFix\SDFix.exe Win32/PrcView potentially unsafe application
C:\UBCD4Win\plugin\System-Info\Information\SysInfo\sysinfo.7z variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application
C:\Users\sky\AppData\Local\Temp\AskSLib.dll variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\skyerjoe\AppData\Local\Temp\AskSLib.dll variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\skyerjoe\AppData\Local\Temp\is357113909\4807726_stp\wajam_validate.exe Win32/Wajam.F potentially unwanted application
C:\Users\skyerjoe\AppData\Local\Temp\is961225091\wajam_validate.exe Win32/Wajam.F potentially unwanted application
C:\Users\skyerjoe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\4b211524-78b104e0 Java/Exploit.Agent.NBV trojan
C:\Users\skyerjoe\Desktop\FritzRePass+U3\Portable\FritzRePass.exe Win32/Packed.Autoit.E.Gen potentially unwanted application
C:\Users\skyerjoe\Desktop\FritzRePass+U3\U3\FritzRePassU3.exe Win32/Packed.Autoit.E.Gen potentially unwanted application
C:\Users\skyerjoe\Desktop\sciherung\Private\102033E6\MIDlets\[1016b656]\mini.jar J2ME/TrojanSMS.Agent.EG trojan
C:\Users\skyerjoe\Desktop\siw\SIWPortable\SIWPortable.exe variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application
C:\Users\skyerjoe\Documents\downloads\Integrated_BrotherSoft_TB.exe variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\skyerjoe\Downloads\avira_free_antivirus_de.exe variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\skyerjoe\Downloads\cdbxp_setup_4.3.7.2356.exe Win32/OpenCandy potentially unsafe application
C:\Users\skyerjoe\Downloads\Driver.Genius.Professional.10.0.0.526.rar variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\skyerjoe\Downloads\FritzRePass1.20-U3(1).zip Win32/Packed.Autoit.E.Gen potentially unwanted application
C:\Users\skyerjoe\Downloads\FritzRePass1.20-U3-tmp.zip Win32/Packed.Autoit.E.Gen potentially unwanted application
C:\Users\skyerjoe\Downloads\FritzRePass1.20-U3.zip Win32/Packed.Autoit.E.Gen potentially unwanted application
C:\Users\skyerjoe\Downloads\goPod-Setup(1).exe Win32/WinloadSDA.C potentially unwanted application
C:\Users\skyerjoe\Downloads\goPod-Setup.exe Win32/WinloadSDA.C potentially unwanted application
C:\Users\skyerjoe\Downloads\isobuster_install.exe Win32/SmartFileAdvisor.A potentially unwanted application
C:\Users\skyerjoe\Downloads\KeyFinderInstaller.exe Win32/OpenCandy potentially unsafe application
C:\Users\skyerjoe\Downloads\NetTools5.0.70.zip variant of Win32/NetTool.Portscan.AA potentially unsafe application
C:\Users\skyerjoe\Downloads\PDF XChange Viewer - CHIP-Downloader.exe variant of Win32/DownloadSponsor.A potentially unwanted application
C:\Users\skyerjoe\Downloads\ruKernelTool(1).zip Win32/Packed.Autoit.H potentially unwanted application
C:\Users\skyerjoe\Downloads\ruKernelTool.zip Win32/Packed.Autoit.H potentially unwanted application
C:\Users\skyerjoe\Downloads\Samsung_GSM(2G)_GT-E1200_Treiber_Update_01-2014.exe variant of Win32/Systweak.H potentially unwanted application
C:\Users\skyerjoe\Downloads\siw-setup(1).exe variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application
C:\Users\skyerjoe\Downloads\siw-setup.exe Win32/InstallMonetizer.AF potentially unwanted application
C:\Users\skyerjoe\Downloads\SIWPortable_2011.10.29.paf.exe variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application
C:\Users\skyerjoe\Downloads\Virtual CloneDrive - CHIP-Downloader.exe variant of Win32/DownloadSponsor.A potentially unwanted application
C:\Users\skyerjoe\Downloads\vshare-plugin.exe Win32/TopMedia.A potentially unwanted application
C:\Users\skyerjoe\Downloads\Word Viewer - CHIP-Installer.exe variant of Win32/DownloadSponsor.A potentially unwanted application
C:\Users\skyerjoe\Downloads\ZipSetup.exe variant of Win32/InstallCore.IX potentially unwanted application
C:\Users\skyerjoe\Downloads\Fritz Recover\FritzRePass1.20+U3.zip Win32/Packed.Autoit.E.Gen potentially unwanted application
C:\Users\skyerjoe\Downloads\Fritz Recover\FritzRePass1.20+U3\FritzRePass+U3\U3\FritzRePassU3.exe Win32/Packed.Autoit.E.Gen potentially unwanted application
C:\Users\skyerjoe\Downloads\FritzRePass+U3\Portable\FritzRePass.exe Win32/Packed.Autoit.E.Gen potentially unwanted application
C:\Users\skyerjoe\Downloads\FritzRePass+U3\U3\FritzRePassU3.exe Win32/Packed.Autoit.E.Gen potentially unwanted application
C:\Users\skyerjoe\Downloads\FritzRePass1.20+U3\FritzRePass+U3\Portable\FritzRePass.exe Win32/Packed.Autoit.E.Gen potentially unwanted application
C:\Users\skyerjoe\Downloads\FritzRePass1.20+U3\FritzRePass+U3\U3\FritzRePassU3.exe Win32/Packed.Autoit.E.Gen potentially unwanted application
C:\Users\skyerjoe\Downloads\ruKernelTool(1)\ruKernelTool\_Lib_\PrettyPrintFirmwareLinkListe.exe Win32/Packed.Autoit.H potentially unwanted application |
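The GMER user-mode section posted above lists hundreds of inline hooks in ntdll.dll, one per process, all of them 5-byte JMPs into a narrow address range. What a practitioner wants from such a listing is not the raw lines but two answers: do the JMPs converge on one trampoline region (one hooking component shared by every process) or scatter (per-process patching), and which process-injection and driver-loading stubs are among the hooked functions. The script below is an added example written for this page, not part of the forum post and not GMER's own code; the seven sample lines are constructed from the listing above, and the 64 KiB "single region" threshold and the list of sensitive syscalls are this example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of entries copied from the GMER listing above,
# one hook per line (the forum post ran them together on long lines).
SAMPLE_GMER = r"""
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b627e0 5 bytes JMP 0000000077cc0400
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000077a4ef8d 1 byte [62]
.text C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b61510 5 bytes JMP 0000000077cc0370
.text C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b61650 5 bytes JMP 0000000077cc03b0
.text C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text C:\Users\skyerjoe\Downloads\Gmer-19357(1).exe[5612] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2fd 1 byte [62]
"""

# One GMER user-mode hook entry: section, "process[pid]", "module!function[ + offset]",
# patched address, patch length, and either "JMP <target>" or the raw bytes written.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+?)!(?P<func>\w+)(?:\s+\+\s+(?P<offset>\d+))?\s+"
    r"(?P<addr>[0-9a-fA-F]+)\s+(?P<size>\d+)\s+bytes?\s+"
    r"(?P<patch>JMP\s+[0-9a-fA-F]+|\[[0-9a-fA-F ]+\])\s*$"
)

# Syscall stubs whose hooking matters most for triage: process-injection and
# driver-loading primitives (this selection is the example's own, not GMER's).
SENSITIVE_SYSCALLS = {
    "NtOpenProcess", "NtWriteVirtualMemory", "NtCreateThread", "NtCreateThreadEx",
    "NtQueueApcThreadEx", "NtSetContextThread", "NtLoadDriver", "NtSuspendProcess",
}


def parse_gmer_hooks(text):
    """Parse GMER '.text' hook lines into dicts; lines that do not match are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        patch = m.group("patch")
        target = int(patch.split()[1], 16) if patch.startswith("JMP") else None
        hooks.append({
            "process": m.group("proc"),
            "pid": int(m.group("pid")),
            "module": m.group("module").rsplit("\\", 1)[-1].lower(),
            "func": m.group("func"),
            "addr": int(m.group("addr"), 16),
            "size": int(m.group("size")),
            "target": target,          # None for a raw byte patch such as "[62]"
        })
    return hooks


def jmp_target_span(hooks):
    """Lowest and highest JMP destination across all processes, or None."""
    targets = [h["target"] for h in hooks if h["target"] is not None]
    return (min(targets), max(targets)) if targets else None


def classify_hook_set(hooks, max_span=0x10000):
    """'single-region' when every JMP lands within max_span bytes of each other.

    One contiguous trampoline area shared by unrelated processes points to one
    hooking component (a sandbox, AV or monitoring DLL) rather than per-process
    shellcode; max_span is an assumed heuristic, not a GMER rule.
    """
    span = jmp_target_span(hooks)
    if span is None:
        return "no-jmp-hooks"
    return "single-region" if span[1] - span[0] <= max_span else "multi-region"


def summarize_by_process(hooks):
    """Per (process path, pid): how many JMP hooks and how many raw byte patches."""
    summary = defaultdict(lambda: {"jmp": 0, "byte_patch": 0})
    for h in hooks:
        kind = "jmp" if h["target"] is not None else "byte_patch"
        summary[(h["process"], h["pid"])][kind] += 1
    return dict(summary)


def hooked_sensitive_syscalls(hooks):
    """Sorted, de-duplicated names of hooked functions from SENSITIVE_SYSCALLS."""
    return sorted({h["func"] for h in hooks if h["func"] in SENSITIVE_SYSCALLS})


if __name__ == "__main__":
    hooks = parse_gmer_hooks(SAMPLE_GMER)
    lo, hi = jmp_target_span(hooks)
    print(f"{len(hooks)} hooks, JMP targets 0x{lo:x}-0x{hi:x}: {classify_hook_set(hooks)}")
    for (proc, pid), counts in summarize_by_process(hooks).items():
        print(f"  {proc}[{pid}]: {counts}")
    print("sensitive syscalls hooked:", hooked_sensitive_syscalls(hooks))
```

Run it against the full GMER output saved to a file (feed the file contents to `parse_gmer_hooks`) and compare the JMP span with the load address of the modules listed in the GMER "Modules" section; a single-region result whose range falls inside one loaded DLL identifies the hooking product, while JMPs into unbacked memory are what would warrant treating the hooks as hostile.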
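The ESET scan listing above mixes three very different things: bundled-installer and toolbar detections on files the user deliberately downloaded, remote-admin and port-scan tools that ESET flags as "potentially unsafe" by policy, and two real trojan hits, one of them in the Java deployment cache, a location that is only written when a browser-delivered applet or Web Start app ran. Separating those buckets and flagging files in staging locations (Temp, the Java cache, LocalLow) is the first step in deciding which detections bear on the original question. The script below is an added example written for this page, not part of the forum post and not ESET's own tooling; it accepts both the German category text the scanner printed and the English equivalents, and its sample lines are constructed from the listing above. The severity buckets and the staging-location markers are this example's own heuristics.

```python
import re

# Constructed sample: lines taken from the ESET listing above, in both the German
# form the scanner printed and the English form used after translation.
SAMPLE_ESET = r"""
C:\Program Files (x86)\SIW\siw.exe Variante von Win32/RemoteAdmin.RemoteExec.AA potenziell unsichere Anwendung
C:\UBCD4Win\BartPE\plugin\Cleanup Tools\SDFix\SDFix.exe Win32/PrcView potenziell unsichere Anwendung
C:\Users\skyerjoe\AppData\Local\Temp\is961225091\wajam_validate.exe Win32/Wajam.F evtl. unerwünschte Anwendung
C:\Users\skyerjoe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\4b211524-78b104e0 Java/Exploit.Agent.NBV Trojaner
C:\Users\skyerjoe\Desktop\sciherung\Private\102033E6\MIDlets\[1016b656]\mini.jar J2ME/TrojanSMS.Agent.EG trojan
C:\Users\skyerjoe\Downloads\PDF XChange Viewer - CHIP-Downloader.exe variant of Win32/DownloadSponsor.A potentially unwanted application
C:\Users\skyerjoe\Downloads\ZipSetup.exe variant of Win32/InstallCore.IX potentially unwanted application
"""

# ESET category text (German and English) -> severity bucket used by this example.
CATEGORIES = {
    "Trojaner": "malware",
    "trojan": "malware",
    "potenziell unsichere Anwendung": "unsafe",
    "potentially unsafe application": "unsafe",
    "evtl. unerwünschte Anwendung": "unwanted",
    "potentially unwanted application": "unwanted",
}
SEVERITY_RANK = {"malware": 0, "unsafe": 1, "unwanted": 2}

# "<path> [Variante von|variant of] <Platform/Family.Variant> <category>"
# The path may contain spaces, so the regex anchors on the known category text at the end.
_CAT_ALT = "|".join(re.escape(c) for c in sorted(CATEGORIES, key=len, reverse=True))
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<variant>(?:Variante von|variant of)\s+)?"
    r"(?P<name>\S+)\s+(?P<cat>" + _CAT_ALT + r")$"
)

# Locations a file reaches because code ran, not because the user saved a download;
# hits here deserve a closer look than files sitting in Downloads\ (assumed heuristic).
STAGING_MARKERS = [
    ("\\appdata\\local\\temp\\", "dropped into user Temp (installer, bundler or drive-by)"),
    ("\\java\\deployment\\cache\\", "Java deployment cache (content fetched by the browser plugin)"),
    ("\\appdata\\locallow\\", "low-integrity browser/plugin storage"),
]


def parse_eset_log(text):
    """Parse scan-result lines into dicts; unparseable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        platform, _, rest = m.group("name").partition("/")
        entries.append({
            "path": m.group("path"),
            "name": m.group("name"),
            "platform": platform,                 # Win32, Java, J2ME ...
            "family": rest.split(".")[0],         # RemoteAdmin, Exploit, Wajam ...
            "variant": m.group("variant") is not None,
            "severity": CATEGORIES[m.group("cat")],
        })
    return entries


def count_by_severity(entries):
    """Number of detections per severity bucket."""
    counts = {}
    for e in entries:
        counts[e["severity"]] = counts.get(e["severity"], 0) + 1
    return counts


def staging_hits(entries):
    """Entries whose path contains a STAGING_MARKERS fragment, with the reason attached."""
    hits = []
    for e in entries:
        low = e["path"].lower()
        for marker, reason in STAGING_MARKERS:
            if marker in low:
                hits.append({**e, "reason": reason})
                break
    return hits


def worst_first(entries):
    """Malware first, then unsafe, then unwanted; order within a bucket is preserved."""
    return sorted(entries, key=lambda e: SEVERITY_RANK[e["severity"]])


if __name__ == "__main__":
    entries = parse_eset_log(SAMPLE_ESET)
    print(count_by_severity(entries))
    for e in worst_first(entries):
        print(f"[{e['severity']:8}] {e['platform']}/{e['family']:<14} {e['path']}")
    for h in staging_hits(entries):
        print("STAGING:", h["path"], "->", h["reason"])
```

The split matters for the question asked in this thread: an unwanted-application hit on an installer in Downloads\ says only that the user fetched a bundled setup, while a trojan hit in the Java cache or a Wajam component in Temp is evidence that something executed, and those paths are where a timeline (file creation time against the first appearance of the unwanted download) should start.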
22.10.2014, 11:40 | #7 |
/// the machine /// TB-Ausbilder | hi, Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Scan with ComboFix
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
22.10.2014, 19:18 | #8 |
| Hello schrauber, thanks in advance for the help. What matters to me personally is finding the reason why this happens, i.e. not only that it stops occurring, but also why it occurred in the first place. It would be nice if you could take that into account in your approach. Thanks |
23.10.2014, 17:35 | #9 |
/// the machine /// TB-Ausbilder | Um, what exactly do you mean?
|
29.10.2014, 00:36 | #10 | |
| Quote:
Here is the ComboFix.txt: ComboFix logfile: Code:
ATTFilter ComboFix 14-10-21.01 - skyerjoe 22.10.2014 20:33:01.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3950.1584 [GMT 2:00] ausgeführt von:: c:\users\skyerjoe\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\skyerjoe\AppData\Roaming\.# c:\users\skyerjoe\plugins .txt c:\windows\iun6002.exe . . ((((((((((((((((((((((( Dateien erstellt von 2014-09-22 bis 2014-10-22 )))))))))))))))))))))))))))))) . . 2014-10-22 18:46 . 2014-10-22 18:46 -------- d-----w- c:\users\sky\AppData\Local\temp 2014-10-22 18:46 . 2014-10-22 18:46 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-10-21 11:37 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{399C02BD-98AF-4861-A997-8837CCA18546}\mpengine.dll 2014-10-16 17:20 . 2014-09-29 00:58 3198976 ----a-w- c:\windows\system32\win32k.sys 2014-10-16 17:20 . 2014-06-18 22:23 156312 ----a-w- c:\windows\system32\mscorier.dll 2014-10-16 17:20 . 2014-06-18 22:23 156824 ----a-w- c:\windows\SysWow64\mscorier.dll 2014-10-16 17:20 . 2014-06-18 22:23 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll 2014-10-16 17:20 . 2014-06-18 22:23 73880 ----a-w- c:\windows\system32\mscories.dll 2014-10-16 17:20 . 2014-06-18 22:23 1943696 ----a-w- c:\windows\system32\dfshim.dll 2014-10-16 17:20 . 2014-06-18 22:23 81560 ----a-w- c:\windows\SysWow64\mscories.dll 2014-10-16 17:18 . 2014-09-18 02:00 3241472 ----a-w- c:\windows\system32\msi.dll 2014-10-16 17:18 . 2014-09-18 01:32 2363904 ----a-w- c:\windows\SysWow64\msi.dll 2014-10-16 17:18 . 2014-09-04 05:23 424448 ----a-w- c:\windows\system32\rastls.dll 2014-10-16 17:18 . 
2014-09-04 05:04 372736 ----a-w- c:\windows\SysWow64\rastls.dll 2014-10-16 17:16 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll 2014-10-16 17:16 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll 2014-10-12 13:20 . 2014-10-12 13:20 -------- d-----w- c:\users\sky\AppData\Local\Apple 2014-10-12 13:19 . 2014-10-12 13:19 -------- d-----w- c:\users\sky\AppData\Local\Macromedia 2014-10-09 16:59 . 2014-10-09 16:59 -------- d-----w- c:\program files (x86)\ESET 2014-10-07 19:38 . 2014-10-07 19:38 -------- d-----w- c:\users\skyerjoe\AppData\Local\Microsoft_Corporation 2014-10-07 19:34 . 2014-10-07 19:34 -------- d-----w- c:\users\MSSQL$SQLEXPRESS 2014-10-07 19:33 . 2012-02-11 08:02 45656 ----a-w- c:\windows\SysWow64\perf-MSSQL11.SQLEXPRESS-sqlagtctr.dll 2014-10-07 19:33 . 2012-02-11 06:44 54360 ----a-w- c:\windows\system32\perf-MSSQL11.SQLEXPRESS-sqlagtctr.dll 2014-10-07 19:33 . 2012-02-11 08:03 82520 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr11.0.2100.60.dll 2014-10-07 19:33 . 2012-02-11 06:44 95832 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr11.0.2100.60.dll 2014-10-07 19:33 . 2012-02-11 06:46 82520 ----a-w- c:\windows\system32\fssres.dll 2014-10-07 19:33 . 2012-02-11 06:46 180312 ----a-w- c:\windows\system32\hadrres.dll 2014-10-07 19:28 . 2014-10-07 19:28 -------- d-----w- c:\windows\system32\RsFx 2014-10-07 19:27 . 2014-10-07 19:27 -------- d-----w- c:\program files\Microsoft.NET 2014-10-07 19:25 . 2014-10-07 19:25 -------- d-----w- c:\windows\SysWow64\1033 2014-10-07 19:25 . 2014-10-07 19:25 -------- d-----w- c:\windows\system32\1033 2014-10-07 19:25 . 2014-10-08 18:07 84832 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1031\ResourceCache.dll 2014-10-07 19:21 . 2014-10-07 19:25 -------- d-----w- c:\windows\SysWow64\1031 2014-10-07 19:20 . 2014-10-07 19:22 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0 2014-10-07 19:18 . 
2014-10-07 19:18 -------- d-----w- c:\windows\symbols 2014-10-07 19:18 . 2014-10-07 19:25 -------- d-----w- c:\windows\system32\1031 2014-10-07 19:18 . 2014-10-07 19:18 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0 2014-10-07 19:18 . 2014-10-07 19:18 -------- d-----w- c:\program files\Microsoft Help Viewer 2014-10-07 19:18 . 2014-10-07 19:18 -------- d-----w- c:\program files (x86)\Microsoft SDKs 2014-10-07 19:12 . 2014-10-07 19:38 -------- d-----w- c:\program files (x86)\Microsoft SQL Server 2014-10-07 18:57 . 2014-10-07 19:38 -------- d-----w- c:\program files\Microsoft SQL Server 2014-10-02 15:53 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll 2014-10-02 15:53 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll 2014-09-24 18:53 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll 2014-09-24 18:53 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-10-16 22:09 . 2010-06-14 22:00 103265616 ----a-w- c:\windows\system32\MRT.exe 2014-10-02 13:53 . 2010-06-29 23:44 278152 ------w- c:\windows\system32\MpSigStub.exe 2014-09-24 18:37 . 2013-11-14 15:20 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-09-24 18:37 . 2011-05-18 23:19 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-09-09 12:15 . 2014-09-09 12:15 2273432 ----a-w- c:\windows\SysWow64\Ddbaccpl.cpl 2014-09-09 12:15 . 2014-09-09 12:15 1659544 ----a-w- c:\windows\SysWow64\ddBACCTM.cpl 2014-08-23 02:07 . 2014-08-29 21:01 404480 ----a-w- c:\windows\system32\gdi32.dll 2014-08-23 01:45 . 2014-08-29 21:01 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2014-08-01 11:53 . 2014-09-12 16:39 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll 2014-08-01 11:35 . 2014-09-12 16:39 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll 2014-07-25 00:35 . 
2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll 2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll 2007-03-12 16:59 . 2007-03-12 16:59 299008 ----a-w- c:\program files (x86)\navigram_register.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}] 2010-06-02 12:53 433648 ----a-w- c:\programdata\Partner\Partner.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Rohos"="c:\program files (x86)\Rohos\agent.exe" [2011-05-17 801080] "AVMUSBFernanschluss"="c:\users\skyerjoe\AppData\Local\Apps\2.0\BTH1ZOGT.8OZ\L89TLL57.57W\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\AVMAutoStart.exe" [2014-04-03 139264] "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2014-10-14 784904] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792] "KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2010-09-05 1655296] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-20 102400] "Ext2 Volume Manager"="c:\program files\Ext2Fsd\Ext2Mgr.exe" [2011-02-05 1211536] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184] "Tiny DHCP Server"="c:\program files (x86)\Tiny DHCP Server\dhcpsrv.exe" [2011-08-30 94208] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-04-23 43848] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-05-26 152392] "IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2011-08-02 46952] "PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2011-08-02 30568] "PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192] "PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" 
[2010-03-05 62752] "ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2014-06-16 139776] "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632] Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896] windata Zahlungserinnerung.lnk - c:\windata\Home\windataZahlungserinnerung.exe [2014-1-14 698040] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2009-12-01 20:03 98304 ----a-w- c:\windows\System32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . 
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 ESRV_SVC;Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x] R2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe;c:\windows\SYSNATIVE\PrintCtrl.exe [x] R2 Rohos Disk;Rohos Disk service;c:\program files (x86)\Rohos\agent.exe;c:\program files (x86)\Rohos\agent.exe [x] R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [x] R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x] R3 BazisPortableCDBus;Portable WinCDEmu driver;c:\windows\system32\drivers\BazisPortableCDBus.sys;c:\windows\SYSNATIVE\drivers\BazisPortableCDBus.sys [x] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusbn.sys [x] R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 
IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] R3 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;c:\program files (x86)\Sony\MSS\3.8.130\McCHSvc.exe;c:\program files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [x] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x] R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [x] R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x] R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x] R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x] R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TVICHW64;TVICHW64;c:\windows\system32\DRIVERS\TVICHW64.SYS;c:\windows\SYSNATIVE\DRIVERS\TVICHW64.SYS [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x] 
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x] R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x] R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x] R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] R4 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe;c:\programdata\Partner\Partner.exe [x] R4 RsFx0200;RsFx0200 Driver;c:\windows\system32\DRIVERS\RsFx0200.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0200.sys [x] R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! 
VM Monitor; [x] S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys;c:\windows\SYSNATIVE\DRIVERS\hotcore3.sys [x] S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S1 Ext2fs;Ext2fs;c:\windows\system32\DRIVERS\ext2fs.sys;c:\windows\SYSNATIVE\DRIVERS\ext2fs.sys [x] S1 Ext2Fsd;Linux ext2 file system driver; [x] S1 IfsMount;IfsMount;c:\windows\system32\DRIVERS\ifsmount.sys;c:\windows\SYSNATIVE\DRIVERS\ifsmount.sys [x] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 aswHwid;avast! 
HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz134_x64.sys [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x] S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x] S2 RHDISK_AMD64;RHDISK_AMD64;c:\program files (x86)\Rohos\RHDISK_AMD64.SYS;c:\program files (x86)\Rohos\RHDISK_AMD64.SYS [x] S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x] S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x] S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [x] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [x] S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual 
Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x] S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys;c:\windows\SYSNATIVE\DRIVERS\avmaura.sys [x] S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x] S3 USER_ESRV_SVC;User Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe [x] S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x] S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x] S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\vuagent.exe;c:\program files\Sony\VAIO Update\vuagent.exe [x] . . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-10-19 07:13 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-14 18:38] . 2014-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-05 22:21] . 2014-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-05 22:21] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}] 2010-06-02 12:53 750064 ----a-w- c:\programdata\Partner\Partner64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-07-15 16:42 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-16 9636896] "PrintDisp"="c:\windows\system32\PrintDisp.exe" [2009-08-21 878080] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\acaptuser64.dll . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: Interfaces\{5DB63988-98C6-4312-8B36-AA4B2FAA958F}: NameServer = 192.168.178.1 TCP: Interfaces\{5DB63988-98C6-4312-8B36-AA4B2FAA958F}\64259445A51224F6870264F6E60275C414E40273237303: NameServer = 192.168.178.1 TCP: Interfaces\{D61CA8A8-A9C5-4B05-8B5C-1FF6CD0702CA}: NameServer = 192.168.178.15 FF - ProfilePath - c:\users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:home|hxxp://www.giga.de/ FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&src=sp&cf=36635f72-2fdb-11e1-a98e-54424907d5f0&q= FF - prefs.js: network.proxy.ftp - 192.168.43.1 FF - prefs.js: network.proxy.ftp_port - 34731 FF - prefs.js: network.proxy.http - 192.168.43.1 FF - prefs.js: network.proxy.http_port - 34731 FF - prefs.js: network.proxy.socks - 192.168.43.1 FF - prefs.js: network.proxy.socks_port - 34731 FF - prefs.js: network.proxy.ssl - 192.168.43.1 FF - prefs.js: network.proxy.ssl_port - 34731 FF - prefs.js: 
network.proxy.type - 0 FF - user.js: extensions.funmoods.hmpg - true FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=wbst&chnl=&cd=2XzutAtN2Y1L1QzuyB0E0D0DtDzz0C0CyDyEzztD0F0FzyzytN0D0TzutBtDtCtBtDyDtBzy&cr=132461038 FF - user.js: extensions.funmoods.dfltSrch - false FF - user.js: extensions.funmoods.srchPrvdr - Search FF - user.js: extensions.funmoods.dnsErr - true FF - user.js: extensions.funmoods_i.newTab - true FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=wbst&chnl=&cd=2XzutAtN2Y1L1QzuyB0E0D0DtDzz0C0CyDyEzztD0F0FzyzytN0D0TzutBtDtCtBtDyDtBzy&cr=132461038 FF - user.js: extensions.funmoods.tlbrSrchUrl - FF - user.js: extensions.funmoods.id - 58e2ff990000000000007edd08cc5480 FF - user.js: extensions.funmoods.instlDay - 15489 FF - user.js: extensions.funmoods.vrsn - 1.5.23.22 FF - user.js: extensions.funmoods.vrsni - 1.5.23.22 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2223:12 FF - user.js: extensions.funmoods.prtnrId - funmoods FF - user.js: extensions.funmoods.prdct - funmoods FF - user.js: extensions.funmoods.aflt - wbst FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods.tlbrId - base FF - user.js: extensions.funmoods.instlRef - FF - user.js: extensions.funmoods.dfltLng - FF - user.js: extensions.funmoods.excTlbr - false FF - user.js: extensions.funmoods.autoRvrt - false FF - user.js: extensions.funmoods.envrmnt - production FF - user.js: extensions.funmoods.isdcmntcmplt - true FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll Wow6432Node-HKLM-Run-<NO NAME> - (no file) SafeBoot-mcmscsvc SafeBoot-MCODS HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-Rainbow Sentinel Driver - c:\windows\SYSTEM32\RNBOSENT\SETUPX86.EXE . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-10-22 20:52:59 ComboFix-quarantined-files.txt 2014-10-22 18:52 . Vor Suchlauf: 29 Verzeichnis(se), 29.462.491.136 Bytes frei Nach Suchlauf: 35 Verzeichnis(se), 31.901.159.424 Bytes frei . - - End Of File - - 8F8BB07D90B8EB374AE102792E837BF3
Regards, fireskyer |
29.10.2014, 19:37 | #11 |
/// the machine /// TB-Ausbilder | After Firefox starts, it keeps trying to download a RAR file. Adware. But where exactly, at which click or which installation, that cannot be said. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
31.10.2014, 00:04 | #12 | |
| After Firefox starts, it keeps trying to download a RAR file. Quote:
Ah ok, that's actually already enough of a diagnosis for me, as long as it isn't a really harmful virus... Malwarebytes: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 30.10.2014
Suchlauf-Zeit: 20:30:17
Logdatei: malwarebytes.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.10.30.12
Rootkit Datenbank: v2014.10.22.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: skyerjoe

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 457179
Verstrichene Zeit: 38 Min, 56 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Tiefer Rootkit-Suchlauf: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 2
PUP.Optional.StartSear.A, C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\searchplugins\startsear.xml, In Quarantäne, [338e33e4b7c551e5d80b9a93da2929d7], 
PUP.Optional.FunMoods.A, C:\Users\skyerjoe\AppData\Local\funmoods-speeddial.crx, In Quarantäne, [e0e12ee93c40a096716df0a1ed1725db], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end)
Adwcleaner: Code:
ATTFilter # AdwCleaner v4.002 - Bericht erstellt am 30/10/2014 um 23:09:41 # DB v2014-10-26.6 # Aktualisiert 27/10/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : skyerjoe - SKYERJOE-VAIO # Gestartet von : C:\Users\skyerjoe\Downloads\AdwCleaner_4.002.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : Partner Service ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\skyerjoe\AppData\Roaming\DigitalSites Ordner Gelöscht : C:\Users\skyerjoe\AppData\Local\PackageAware Ordner Gelöscht : C:\ProgramData\Partner Ordner Gelöscht : C:\ProgramData\Tarma Installer Ordner Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\28omnlq6.default\Extensions\staged\ffxtlbr@funmoods.com Ordner Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\2s01k1bz.default\Extensions\staged\ffxtlbr@funmoods.com Ordner Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\hl84skt3.default\Extensions\staged\ffxtlbr@funmoods.com Ordner Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\qoc2jims.default\Extensions\staged\ffxtlbr@funmoods.com Ordner Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\sparpilot@sparpilot.com Ordner Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\28omnlq6.default\Extensions\sparpilot@sparpilot.com Ordner Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\2s01k1bz.default\Extensions\sparpilot@sparpilot.com Ordner Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\hl84skt3.default\Extensions\sparpilot@sparpilot.com Ordner Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\qoc2jims.default\Extensions\sparpilot@sparpilot.com Ordner Gelöscht : C:\Users\skyerjoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck Ordner Gelöscht : 
C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj Ordner Gelöscht : C:\Users\skyerjoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj Datei Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\searchplugins\Askcom.xml Datei Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\user.js Datei Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\28omnlq6.default\user.js Datei Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\2s01k1bz.default\user.js Datei Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\hl84skt3.default\user.js Datei Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\qoc2jims.default\user.js ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet 
Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}] Schlüssel Gelöscht : HKCU\Software\dsiteproducts Schlüssel Gelöscht : HKCU\Software\StartSearch Schlüssel Gelöscht : HKCU\Software\vShare.tv Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\DeviceVM Schlüssel Gelöscht : HKLM\SOFTWARE\Magical Jelly Bean\OpenCandy Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DeviceVM Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856 Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17344 -\\ Mozilla Firefox v33.0 (x86 de) -\\ Google Chrome v38.0.2125.111 ************************* AdwCleaner[R0].txt - [9488 octets] - [30/10/2014 23:05:01] AdwCleaner[S0].txt - [8877 octets] - [30/10/2014 23:09:41] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8937 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.3 (10.21.2014:1) OS: Windows 7 Home Premium x64 Ran by skyerjoe on 30.10.2014 at 23:18:43,01 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{01027486-F7EC-4174-AABE-67DF604D8901} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{01027486-F7EC-4174-AABE-67DF604D8901} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\skyerjoe\AppData\Roaming\getrighttogo" Successfully deleted: [Folder] "C:\Users\skyerjoe\AppData\Roaming\thinstall" ~~~ FireFox Successfully deleted the following from C:\Users\skyerjoe\AppData\Roaming\mozilla\firefox\profiles\038mguur.default\prefs.js user_pref("betterfacebook.100001728981609/prefs", "{\"installed_on_5\":1312824336483,\"last_message_check\":1316183404281,\"donate_check_time\":1316278251071,\"last_tip_check\ user_pref("browser.search.defaultengine", "Web Search"); user_pref("browser.search.order.1", "Ask.com"); user_pref("extensions.asktb.cbid", "PV"); user_pref("extensions.asktb.crumb", "2011.08.08+10.24.48-toolbar008iad-DE-TnVyZW1iZXJnLEdlcm1hbnk%3D"); user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}"); user_pref("extensions.asktb.dtid", "YYYYYYYYDE"); user_pref("extensions.asktb.fresh-install", false); user_pref("extensions.asktb.l", "dis"); user_pref("extensions.asktb.last-config-req", "1312966819950"); user_pref("extensions.asktb.locale", "de_DE"); user_pref("extensions.asktb.o", "15000"); user_pref("extensions.asktb.overlay-reloaded-using-restart", true); user_pref("extensions.asktb.qsrc", "2871"); user_pref("extensions.asktb.r", "7"); user_pref("extensions.asktb.search-suggestions-enabled", true); 
user_pref("extensions.asktb.v", "3.9.1.100006"); user_pref("extensions.funmoods.aflt", "wbst"); user_pref("extensions.funmoods.autoRvrt", false); user_pref("extensions.funmoods.brwsrsrc", "ietlbr"); user_pref("extensions.funmoods.cntry", "DE"); user_pref("extensions.funmoods.dfltLng", ""); user_pref("extensions.funmoods.dfltSrch", false); user_pref("extensions.funmoods.dfltlng", "en"); user_pref("extensions.funmoods.dfltsrch", "false"); user_pref("extensions.funmoods.dnsErr", true); user_pref("extensions.funmoods.envrmnt", "production"); user_pref("extensions.funmoods.excTlbr", false); user_pref("extensions.funmoods.hdrMd5", "020026FB59543215288E38223A46A7D3"); user_pref("extensions.funmoods.hmpg", true); user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=wbst&chnl=&cd=2XzutAtN2Y1L1QzuyB0E0D0DtDzz0C0CyDyEzztD0F0FzyzytN0D0TzutBtDtCtBtDyDtBzy&cr=132461038" user_pref("extensions.funmoods.hrdid", "58e2ff990000000000007edd08cc5480"); user_pref("extensions.funmoods.id", "58e2ff990000000000007edd08cc5480"); user_pref("extensions.funmoods.instlDay", "15489"); user_pref("extensions.funmoods.instlRef", ""); user_pref("extensions.funmoods.instlday", "15489"); user_pref("extensions.funmoods.instlref", ""); user_pref("extensions.funmoods.isdcmntcmplt", true); user_pref("extensions.funmoods.keywordurl", ""); user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2223:12:46"); user_pref("extensions.funmoods.logicsmngrdailyreporttime", "18-06-2012"); user_pref("extensions.funmoods.mntrvrsn", "1.3.0"); user_pref("extensions.funmoods.newTab", true); user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=wbst&chnl=&cd=2XzutAtN2Y1L1QzuyB0E0D0DtDzz0C0CyDyEzztD0F0FzyzytN0D0TzutBtDtCtBtDyDtBzy&cr=13246103 user_pref("extensions.funmoods.newtab", true); user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=wbst&chnl=&cd=2XzutAtN2Y1L1QzuyB0E0D0DtDzz0C0CyDyEzztD0F0FzyzytN0D0TzutBtDtCtBtDyDtBzy&cr=13246103 
user_pref("extensions.funmoods.prdct", "funmoods"); user_pref("extensions.funmoods.prtnrId", "funmoods"); user_pref("extensions.funmoods.prtnrid", "funmoods"); user_pref("extensions.funmoods.savedVrsnTs", "1"); user_pref("extensions.funmoods.sg", "none"); user_pref("extensions.funmoods.smplGrp", "none"); user_pref("extensions.funmoods.smplgrp", "none"); user_pref("extensions.funmoods.srch", ""); user_pref("extensions.funmoods.srchPrvdr", "Search"); user_pref("extensions.funmoods.srchprvdr", "Search"); user_pref("extensions.funmoods.tlbrId", "base"); user_pref("extensions.funmoods.tlbrSrchUrl", ""); user_pref("extensions.funmoods.tlbrid", "base"); user_pref("extensions.funmoods.tlbrsrchurl", ""); user_pref("extensions.funmoods.vrsn", "1.5.23.22"); user_pref("extensions.funmoods.vrsnTs", "1.5.23.2223:12:46"); user_pref("extensions.funmoods.vrsni", "1.5.23.22"); user_pref("extensions.funmoods.vrsnts", "1.5.23.2223:12:46"); user_pref("extensions.funmoods_i.newTab", true); user_pref("extensions.funmoods_i.smplGrp", "none"); user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2223:12:46"); user_pref("keyword.URL", "hxxp://startsear.ch/?aff=1&src=sp&cf=36635f72-2fdb-11e1-a98e-54424907d5f0&q="); Emptied folder: C:\Users\skyerjoe\AppData\Roaming\mozilla\firefox\profiles\038mguur.default\minidumps [80 files] ~~~ Chrome Successfully deleted: [Folder] C:\Users\skyerjoe\appdata\local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 30.10.2014 at 23:24:43,77 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST: frst.txt: FRST Logfile: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014 01 Ran by skyerjoe (administrator) on SKYERJOE-VAIO on 30-10-2014 23:53:40 Running from C:\Users\skyerjoe\Downloads Loaded Profile: skyerjoe (Available profiles: skyerjoe & sky & MSSQL$SQLEXPRESS) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Tesline-Service SRL) C:\Program Files (x86)\Rohos\agent.exe (AMD) C:\Windows\System32\atieclxx.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe (ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Sony Corporation) C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe (Sony Corporation) C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Sony Corporation) C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe (Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Alps Electric Co., Ltd.) 
C:\Program Files\Apoint\ApntEx.exe (ALPS) C:\Program Files\Apoint\Apvfb.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9636896 2009-12-16] (Realtek Semiconductor) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [208384 2009-11-04] (Alps Electric Co., Ltd.) 
HKLM\...\Run: [PrintDisp] => C:\Windows\system32\PrintDisp.exe [878080 2009-08-21] (ActMask Co.,Ltd - hxxp://www.all2pdf.com) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-21] (Intel Corporation) HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [320880 2009-08-26] (Sony Corporation) HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2009-10-24] (Sony Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1655296 2010-09-05] (Dominik Reichl) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-09-20] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Ext2 Volume Manager] => C:\Program Files\Ext2Fsd\Ext2Mgr.exe [1211536 2011-02-05] (Ext2Fsd Group (www.ext2fsd.com)) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [Tiny DHCP Server] => C:\Program Files (x86)\Tiny DHCP Server\dhcpsrv.exe [94208 2011-08-30] () HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.) 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.) HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X] HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\Run: [Rohos] => C:\Program Files (x86)\Rohos\agent.exe [801080 2011-05-17] (Tesline-Service SRL) HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\Run: [AVMUSBFernanschluss] => C:\Users\skyerjoe\AppData\Local\Apps\2.0\BTH1ZOGT.8OZ\L89TLL57.57W\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\AVMAutoStart.exe [139264 2014-04-03] (AVM Berlin) HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784904 2014-10-14] (Sandboxie Holdings, LLC) AppInit_DLLs: C:\Windows\System32\acaptuser64.dll => C:\Windows\System32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\windata Zahlungserinnerung.lnk ShortcutTarget: windata Zahlungserinnerung.lnk -> C:\windata\Home\windataZahlungserinnerung.exe (windata GmbH & Co.KG) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {2ACC42B3-35D9-443C-A196-98B24C83B63A} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC SearchScopes: HKCU - {35F08D01-53EE-40D5-9B58-2E54616CA883} URL = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search SearchScopes: HKCU - {529538C8-6480-4BF9-9D9D-847EE0E86B93} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms} SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {D4458402-FDE2-4BEA-B7CC-D06F9B2A768F} URL = hxxp://de.shopping.com/?linkin_id=8056363 BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File DPF: HKLM-x32 {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1111/Navigram.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx Tcpip\..\Interfaces\{5DB63988-98C6-4312-8B36-AA4B2FAA958F}: [NameServer] 192.168.178.1 Tcpip\..\Interfaces\{D61CA8A8-A9C5-4B05-8B5C-1FF6CD0702CA}: [NameServer] 192.168.178.15 FireFox: ======== FF ProfilePath: C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default FF SelectedSearchEngine: Google FF Homepage: about:home|hxxp://www.giga.de/ FF NetworkProxy: "backup.ftp", "192.168.43.1" FF NetworkProxy: "backup.ftp_port", 3431 FF NetworkProxy: "backup.socks", "192.168.43.1" FF NetworkProxy: "backup.socks_port", 3431 FF NetworkProxy: "backup.ssl", "192.168.43.1" FF NetworkProxy: "backup.ssl_port", 3431 FF NetworkProxy: "ftp", "192.168.43.1" FF NetworkProxy: "ftp_port", 34731 FF NetworkProxy: "http", "192.168.43.1" FF NetworkProxy: "http_port", 34731 FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co" FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "192.168.43.1" FF NetworkProxy: "socks_port", 34731 FF NetworkProxy: "ssl", "192.168.43.1" FF NetworkProxy: "ssl_port", 34731 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF 
Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=1.1.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF SearchPlugin: C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\searchplugins\gutscheinsuche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml FF Extension: FreeSpeechMe - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\convergence@dot-bit.org [2014-05-16] FF Extension: FoxyProxy Standard - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\foxyproxy@eric.h.jung [2014-09-05] FF Extension: Bitdefender QuickScan - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-07-17] FF Extension: Social Fixer - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\betterfacebook@mattkruse.com.xpi [2011-08-08] FF Extension: Facebook Chat History Manager - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\fbchathistory@firechm.com.xpi [2011-08-09] FF Extension: FireNes - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\firenes@facundo.zaldo.xpi [2012-01-03] FF Extension: Premiumize.me - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\jid1-sirVJT0BXhkuJg@jetpack.xpi [2014-07-15] FF Extension: Deutsch (DE) Language Pack - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2011-12-28] FF Extension: Stealthy - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\stealthyextension@gmail.com.xpi [2011-10-30] FF Extension: Flagfox 
- C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-12] FF Extension: Encrypted Communication - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{52a7f893-d228-412e-9b28-bc61491462f6}.xpi [2014-02-05] FF Extension: BugMeNot Plugin - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2011-07-17] FF Extension: Adblock Plus - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-07-10] FF Extension: Torbutton - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi [2011-08-18] FF Extension: User Agent Switcher - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2014-06-20] FF Extension: WorldIP - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}.xpi [2011-08-07] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-10] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird Chrome: ======= CHR Profile: C:\Users\skyerjoe\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (avast! SafePrice) - C:\Users\skyerjoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-09-14] CHR Extension: (avast! 
Online Security) - C:\Users\skyerjoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-14] CHR Extension: (Google Wallet) - C:\Users\skyerjoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-14] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-15] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-15] (AVAST Software) R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed] R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed] S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation) S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.) S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed] R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.) 
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed] S2 Printer Control; C:\Windows\system32\PrintCtrl.exe [77824 2009-06-16] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [File not signed] R2 Rohos Disk; C:\Program Files (x86)\Rohos\agent.exe [801080 2011-05-17] (Tesline-Service SRL) S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-31] (Sonic Solutions) S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-31] (Sonic Solutions) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia) S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation) R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.) 
R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation) S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [74496 2010-09-27] (Sony Corporation) S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [864000 2010-09-27] (Sony Corporation) R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [845312 2010-08-11] (Sony Corporation) [File not signed] R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-15] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-15] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-15] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-15] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-15] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-15] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-15] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-15] () R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2014-04-03] (AVM Berlin) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin) S3 BazisPortableCDBus; C:\Windows\System32\drivers\BazisPortableCDBus.sys [268896 2014-04-03] (SysProgs.org) R1 Ext2fs; C:\Windows\System32\DRIVERS\ext2fs.sys [270272 2008-09-25] (Stephan Schreiber) R1 Ext2Fsd; C:\Windows\System32\Drivers\Ext2Fsd.sys [769816 2011-07-09] (www.ext2fsd.com) S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH) S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-04-08] () R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2009-12-03] (Paragon Software Group) R1 IfsMount; C:\Windows\System32\DRIVERS\ifsmount.sys [80320 2008-08-28] (Stephan Schreiber) S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [7778176 2009-12-16] (Intel Corporation) [File not signed] S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [244736 2009-12-16] (Intel(R) Corporation) [File not signed] S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-30] (Malwarebytes Corporation) R2 regi; C:\Windows\SysWOW64\drivers\regi.sys [11032 2007-04-17] (InterVideo) R2 RHDISK_AMD64; C:\Program Files (x86)\Rohos\RHDISK_AMD64.SYS [31408 2009-07-24] (Tesline-Service SRL) S4 
RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC) S3 Sntnlusb; C:\Windows\SysWOW64\DRIVERS\SNTNLUSB.SYS [26120 2002-12-16] (Rainbow Technologies Inc.) R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-06-10] (Duplex Secure Ltd.) S3 TVICHW64; C:\Windows\system32\DRIVERS\TVICHW64.SYS [21200 2010-08-30] (EnTech Taiwan) S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113952 2014-02-25] (Oracle Corporation) S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] () S3 catchme; \??\C:\ComboFix\catchme.sys [X] S2 Sentinel; \SystemRoot\System32\Drivers\SENTINEL.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-30 23:52 - 2014-10-30 23:52 - 00000000 ____D () C:\Users\skyerjoe\Downloads\FRST-OlderVersion 2014-10-30 23:51 - 2014-10-30 23:51 - 00001067 _____ () C:\Users\skyerjoe\Desktop\JRT.txt 2014-10-30 23:38 - 2014-10-30 23:38 - 00000020 _____ () C:\Users\skyerjoe\defogger_reenable 2014-10-30 23:24 - 2014-10-30 23:24 - 00005807 _____ () C:\Users\skyerjoe\Downloads\JRT.txt 2014-10-30 23:18 - 2014-10-30 23:18 - 00000000 ____D () C:\Windows\ERUNT 2014-10-30 23:13 - 2014-10-30 23:13 - 00009077 _____ () C:\Users\skyerjoe\Downloads\AdwCleaner[S0].txt 2014-10-30 23:08 - 2014-10-30 23:08 - 00009488 _____ () C:\Users\skyerjoe\Downloads\AdwCleaner[R0].txt 2014-10-30 23:01 - 2014-10-30 23:09 - 00000000 ____D () C:\AdwCleaner 2014-10-30 23:01 - 2014-10-30 23:01 - 01706144 _____ (Thisisu) C:\Users\skyerjoe\Downloads\JRT.exe 2014-10-30 21:15 - 2014-10-30 21:15 - 00001529 _____ () C:\Users\skyerjoe\Downloads\malwarebytes.txt 2014-10-30 21:14 - 2014-10-30 21:14 - 00001502 _____ () C:\Users\skyerjoe\Documents\malwarebyte.txt 2014-10-30 20:41 - 2014-10-30 20:41 - 02857530 _____ (Machinecode Technologies) C:\Users\skyerjoe\Downloads\Secure_Banking_2.0.1.exe 2014-10-30 20:31 - 2014-10-30 20:31 - 01998336 _____ () C:\Users\skyerjoe\Downloads\AdwCleaner_4.002.exe 2014-10-30 20:29 - 2014-10-30 23:27 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-30 20:29 - 2014-10-30 20:29 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\skyerjoe\Downloads\mbam-setup-2.0.3.1025(1).exe 2014-10-30 20:29 - 2014-10-30 20:29 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-10-30 20:29 - 2014-10-30 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-30 20:29 - 2014-10-30 20:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-30 20:29 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-30 20:29 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-30 20:29 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-30 20:25 - 2014-10-30 20:25 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\skyerjoe\Downloads\mbam-setup-2.0.3.1025.exe 2014-10-24 20:20 - 2014-10-24 20:20 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-10-24 19:45 - 2014-10-24 19:57 - 00000000 ____D () C:\Users\sky\Desktop\Arbeitsstick 2014-10-24 19:41 - 2014-10-24 19:43 - 00000000 ____D () C:\Users\sky\AppData\Roaming\MediaMonkey 2014-10-24 19:41 - 2014-10-24 19:41 - 00000000 ____D () C:\Users\sky\AppData\Local\MediaMonkey 2014-10-24 19:36 - 2014-10-24 20:26 - 00000000 ____D () C:\Users\sky\Downloads\k.stick 2014-10-24 19:35 - 2014-10-24 19:39 - 00000000 ____D () C:\Users\sky\AppData\Roaming\TeraCopy 2014-10-24 19:32 - 2014-10-24 19:45 - 00000000 ____D () C:\Users\sky\AppData\Roaming\vlc 2014-10-24 19:32 - 2014-10-24 19:32 - 00000000 ____D () C:\Users\sky\AppData\Roaming\Corel 2014-10-24 19:30 - 2014-10-24 19:30 - 00000000 ____D () C:\Users\sky\Corel 2014-10-22 21:27 - 2014-10-22 21:26 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-10-22 21:05 - 2014-10-22 21:06 - 92658088 _____ (Oracle Corporation) C:\Users\skyerjoe\Downloads\jre-8u25-windows-x64.exe 2014-10-22 19:52 - 2014-10-22 19:52 - 00033333 _____ () C:\ComboFix.txt 2014-10-22 19:30 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-10-22 19:30 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-10-22 19:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-10-22 19:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-10-22 19:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-10-22 19:30 - 2000-08-31 
01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-10-22 19:30 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-10-22 19:30 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-10-22 19:29 - 2014-10-22 19:53 - 00000000 ____D () C:\Qoobox 2014-10-22 19:29 - 2014-10-22 19:48 - 00000000 ____D () C:\Windows\erdnt 2014-10-22 19:23 - 2014-10-22 19:23 - 05584933 ____R (Swearware) C:\Users\skyerjoe\Downloads\ComboFix.exe 2014-10-22 17:14 - 2014-10-22 17:14 - 00000000 ____D () C:\Users\skyerjoe\Downloads\RevoUninstallerPortable 2014-10-22 17:13 - 2014-10-22 17:13 - 02785665 _____ (PortableApps.com) C:\Users\skyerjoe\Downloads\RevoUninstallerPortable_1.95_Rev_2.paf.exe 2014-10-22 00:27 - 2014-10-22 00:27 - 00454448 _____ () C:\Windows\Minidump\102214-38111-01.dmp 2014-10-21 22:32 - 2014-10-21 22:59 - 00045524 _____ () C:\Users\skyerjoe\Desktop\logs.rar 2014-10-21 20:40 - 2014-10-21 21:30 - 00125204 _____ () C:\Users\skyerjoe\Downloads\Shortcut.txt 2014-10-21 19:58 - 2014-10-21 21:59 - 00508927 _____ () C:\Users\skyerjoe\Desktop\gmer.log 2014-10-21 19:32 - 2014-10-21 19:32 - 00060979 _____ () C:\Users\skyerjoe\Downloads\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.htm 2014-10-21 19:32 - 2014-10-21 19:32 - 00000000 ____D () C:\Users\skyerjoe\Downloads\Für alle Hilfesuchenden! 
Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board_files 2014-10-21 19:28 - 2014-10-21 19:28 - 00380416 _____ () C:\Users\skyerjoe\Downloads\Gmer-19357(1).exe 2014-10-21 19:08 - 2014-10-21 22:00 - 00000292 _____ () C:\Users\skyerjoe\Downloads\defogger_enable.log 2014-10-21 19:07 - 2014-10-21 19:07 - 00050477 _____ () C:\Users\skyerjoe\Downloads\Defogger(1).exe 2014-10-21 13:09 - 2014-10-21 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie 2014-10-19 16:52 - 2014-10-19 16:52 - 00005118 _____ () C:\Users\skyerjoe\Downloads\eset-kompl.txt 2014-10-18 15:13 - 2014-10-18 15:13 - 00924173 _____ () C:\Users\skyerjoe\Downloads\BrMain480(1).exe 2014-10-18 13:03 - 2014-10-18 13:03 - 00000725 _____ () C:\Users\skyerjoe\Downloads\eset.txt 2014-10-18 12:59 - 2014-10-18 12:59 - 00000000 ____D () C:\Users\skyerjoe\Downloads\nettool 2014-10-18 12:58 - 2014-10-18 12:58 - 00980304 _____ (A.I.SOFT,INC.) C:\Users\skyerjoe\Downloads\nettool_1270.EXE 2014-10-18 11:41 - 2014-10-18 11:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox4 2014-10-16 18:20 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-16 18:20 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-16 18:20 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-16 18:20 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-16 18:20 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-16 18:20 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-16 18:20 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-16 18:20 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-16 18:19 - 2014-10-07 
03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-16 18:19 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-16 18:19 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-16 18:19 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-16 18:19 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-16 18:19 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-16 18:19 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-16 18:19 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-16 18:19 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-16 18:19 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-16 18:19 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-16 18:19 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-16 18:19 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-16 18:19 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-16 18:19 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-16 18:19 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-16 18:19 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-16 18:19 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-16 18:19 - 2014-09-19 02:36 - 05829632 
_____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-16 18:19 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-16 18:19 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-16 18:19 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-16 18:19 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-16 18:19 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-16 18:19 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-16 18:19 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-16 18:19 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-16 18:19 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-16 18:19 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-16 18:19 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-16 18:19 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-16 18:19 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-16 18:19 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-16 18:19 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-16 18:19 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-16 18:19 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-16 18:19 - 
2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-16 18:19 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-16 18:19 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-16 18:19 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-16 18:19 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-16 18:19 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-16 18:19 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-16 18:19 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-16 18:19 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-16 18:19 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-16 18:19 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-16 18:19 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-16 18:19 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-16 18:19 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-16 18:19 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-16 18:19 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-16 18:19 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-16 18:19 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-16 18:19 - 
2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-16 18:18 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-16 18:18 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-16 18:18 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-16 18:18 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-16 18:17 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-16 18:17 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-16 18:17 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-16 18:17 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-16 18:17 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-16 18:17 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-16 18:17 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-16 18:17 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-16 18:17 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-16 18:17 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-16 18:17 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-16 18:17 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-16 18:17 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-16 18:17 - 2014-07-17 02:39 - 00017408 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-16 18:17 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-16 18:17 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-16 18:16 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-16 18:16 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-12 14:47 - 2014-10-12 14:47 - 00000000 ____D () C:\Users\sky\Desktop\Old Firefox Data 2014-10-12 14:20 - 2014-10-12 14:20 - 00000000 ____D () C:\Users\sky\AppData\Local\Apple 2014-10-12 14:19 - 2014-10-12 14:19 - 00000000 ____D () C:\Users\sky\AppData\Local\Macromedia 2014-10-10 17:13 - 2014-10-10 17:13 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\skyerjoe\Downloads\SandboxieInstall.exe 2014-10-10 17:02 - 2014-10-10 17:02 - 01915297 _____ () C:\Users\skyerjoe\Downloads\Secure Banking v2.0.1.rar 2014-10-09 17:59 - 2014-10-09 17:59 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-10-09 16:57 - 2014-10-09 16:57 - 00000000 ____D () C:\Users\skyerjoe\Downloads\Rootkit_Remover_3022 2014-10-09 16:56 - 2014-10-09 16:57 - 15258612 _____ () C:\Users\skyerjoe\Downloads\Rootkit_Remover_3022.zip 2014-10-08 19:05 - 2014-10-08 19:05 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2010 2014-10-08 19:05 - 2014-10-08 19:05 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2010 2014-10-07 20:57 - 2014-10-21 17:46 - 00000000 ____D () C:\Users\skyerjoe\Downloads\cr_example_db 2014-10-07 20:38 - 2014-10-07 20:38 - 00000000 ____D () C:\Users\skyerjoe\AppData\Local\Microsoft_Corporation 2014-10-07 20:34 - 2014-10-07 22:16 - 00000000 ____D () C:\Users\skyerjoe\Documents\SQL Server Management Studio 2014-10-07 20:34 - 2014-10-07 20:34 - 00000020 ___SH () C:\Users\MSSQL$SQLEXPRESS\ntuser.ini 2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () 
C:\Users\MSSQL$SQLEXPRESS\Vorlagen 2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Startmenü 2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Netzwerkumgebung 2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Lokale Einstellungen 2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Eigene Dateien 2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Druckumgebung 2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Documents\Eigene Musik 2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Documents\Eigene Bilder 2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\AppData\Local\Verlauf 2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\AppData\Local\Anwendungsdaten 2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Anwendungsdaten 2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS 2014-10-07 20:34 - 2014-04-02 22:17 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Macromedia 2014-10-07 20:34 - 2013-12-05 19:46 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS\AppData\Local\Apple 2014-10-07 20:34 - 2010-06-11 15:44 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS\AppData\Local\Microsoft Help 2014-10-07 20:34 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-07 20:34 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-10-07 20:33 - 2012-02-11 09:03 - 00082520 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr11.0.2100.60.dll 2014-10-07 20:33 - 2012-02-11 09:02 - 00045656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL11.SQLEXPRESS-sqlagtctr.dll 2014-10-07 20:33 - 2012-02-11 07:46 - 00180312 _____ (Microsoft Corporation) C:\Windows\system32\hadrres.dll 2014-10-07 20:33 - 2012-02-11 07:46 - 00082520 _____ (Microsoft Corporation) C:\Windows\system32\fssres.dll 2014-10-07 20:33 - 2012-02-11 07:44 - 00095832 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr11.0.2100.60.dll 2014-10-07 20:33 - 2012-02-11 07:44 - 00054360 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL11.SQLEXPRESS-sqlagtctr.dll 2014-10-07 20:28 - 2014-10-07 20:28 - 00000000 ____D () C:\Windows\system32\RsFx 2014-10-07 20:26 - 2014-10-07 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 2014-10-07 20:25 - 2014-10-07 20:25 - 00000000 ____D () C:\Windows\SysWOW64\1033 2014-10-07 20:25 - 2014-10-07 20:25 - 00000000 ____D () C:\Windows\system32\1033 2014-10-07 20:24 - 2014-10-07 20:24 - 00000000 ____D () C:\Users\skyerjoe\Documents\Visual Studio 2010 2014-10-07 20:21 - 2014-10-07 20:25 - 00000000 ____D () C:\Windows\SysWOW64\1031 2014-10-07 20:20 - 2014-10-07 20:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0 2014-10-07 20:18 - 2014-10-07 20:25 - 00000000 ____D () C:\Windows\system32\1031 2014-10-07 20:18 - 2014-10-07 20:18 - 00000000 ____D () C:\Windows\symbols 2014-10-07 20:18 - 2014-10-07 20:18 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 10.0 2014-10-07 20:18 - 2014-10-07 20:18 - 00000000 ____D () C:\Program Files\Microsoft Help Viewer 2014-10-07 20:18 - 2014-10-07 20:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs 2014-10-07 20:12 - 2014-10-07 20:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server 2014-10-07 20:12 - 2014-10-07 20:32 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012 2014-10-07 20:05 - 2014-10-07 20:07 - 18411567 _____ () C:\Users\skyerjoe\Downloads\cr_xi_xtreme_rep_smpl_en.zip 2014-10-07 19:57 - 2014-10-07 20:38 - 00000000 ____D () C:\Program Files\Microsoft SQL Server 2014-10-07 19:40 - 2014-10-07 19:51 - 742686296 _____ (Microsoft Corporation) C:\Users\skyerjoe\Downloads\SQLEXPRWT_x64_DEU.exe 2014-10-02 16:53 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-02 16:53 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-10-02 16:50 - 2014-10-04 14:18 - 00001101 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-30 23:54 - 2014-04-09 22:30 - 00031726 _____ () C:\Users\skyerjoe\Downloads\FRST.txt 2014-10-30 23:53 - 2014-04-09 22:30 - 00000000 ____D () C:\FRST 2014-10-30 23:52 - 2014-04-09 22:21 - 02113536 _____ (Farbar) C:\Users\skyerjoe\Downloads\FRST64.exe 2014-10-30 23:50 - 2009-07-14 05:45 - 00022752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-30 23:50 - 2009-07-14 05:45 - 00022752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-30 23:46 - 2010-06-02 13:47 - 01744315 _____ () C:\Windows\WindowsUpdate.log 2014-10-30 23:44 - 2014-01-10 11:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-10-30 23:43 - 2011-06-13 18:04 - 00000000 ____D () C:\Users\skyerjoe\AppData\Local\Deployment 2014-10-30 23:42 - 2014-02-05 23:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-30 23:40 - 2012-03-15 15:14 - 00056045 _____ () C:\Windows\setupact.log 2014-10-30 23:40 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-30 23:38 - 2014-04-09 22:25 - 00000588 _____ () C:\Users\skyerjoe\Downloads\defogger_disable.log 2014-10-30 23:38 - 2010-06-02 14:48 - 00000000 ____D () C:\Users\skyerjoe 2014-10-30 23:37 - 2013-12-21 01:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-30 23:18 - 2014-02-05 23:21 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-30 23:11 - 2012-03-19 01:07 - 00326512 _____ () C:\Windows\PFRO.log 2014-10-30 20:26 - 2010-06-02 14:40 - 00806468 _____ () C:\Windows\system32\perfh007.dat 2014-10-30 20:26 - 2010-06-02 14:40 - 00184872 _____ () C:\Windows\system32\perfc007.dat 2014-10-30 20:26 - 2009-07-14 06:13 - 01889308 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-30 20:23 - 2010-06-02 14:55 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B07B1A65-7663-4533-B9F1-3274CBE7C8AF} 2014-10-29 00:19 - 2014-02-05 23:21 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-24 20:20 - 2011-04-03 18:09 - 00000000 ____D () C:\Users\sky\AppData\Roaming\Apple Computer 2014-10-24 20:18 - 2011-04-03 18:09 - 00000000 ____D () C:\Users\sky\AppData\Local\Apple Computer 2014-10-24 19:33 - 2011-04-03 18:09 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{98ADFF9C-7640-4C3E-A3B7-468DC3BE102F} 2014-10-24 19:30 - 2010-11-23 16:39 - 00000000 ____D () C:\Users\sky 2014-10-22 21:26 - 2013-11-14 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-10-22 21:25 - 2013-11-14 16:25 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-22 21:25 - 2011-01-12 
23:51 - 00000000 ____D () C:\Program Files\Java 2014-10-22 21:24 - 2010-12-31 16:44 - 00002168 _____ () C:\Windows\Sandboxie.ini 2014-10-22 19:53 - 2011-06-13 18:04 - 00000000 ____D () C:\Users\skyerjoe\AppData\Local\Apps\2.0 2014-10-22 19:53 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2014-10-22 19:47 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-10-22 19:39 - 2010-06-10 16:29 - 00000000 _RSHD () C:\ProgramData\Temp 2014-10-22 17:13 - 2014-02-05 23:21 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-22 17:13 - 2014-02-05 23:21 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-22 00:27 - 2011-10-05 22:33 - 00000000 ____D () C:\Program Files (x86)\Rohos 2014-10-22 00:27 - 2011-05-17 00:00 - 00000000 ____D () C:\Windows\Minidump 2014-10-22 00:26 - 2012-04-04 23:08 - 719861678 _____ () C:\Windows\MEMORY.DMP 2014-10-21 23:21 - 2010-07-20 19:17 - 00000000 ____D () C:\Users\skyerjoe\AppData\Roaming\Notepad++ 2014-10-21 23:10 - 2010-07-20 19:17 - 00000000 ____D () C:\Program Files (x86)\Notepad++ 2014-10-21 21:30 - 2014-04-09 22:32 - 00068002 _____ () C:\Users\skyerjoe\Downloads\Addition.txt 2014-10-19 22:15 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-18 16:56 - 2010-06-21 16:42 - 00000000 ____D () C:\Users\skyerjoe\USB-Stick 2014-10-18 16:54 - 2011-05-08 13:50 - 00000000 ____D () C:\Program Files\UlisesSoft 2014-10-18 13:06 - 2012-04-27 15:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-18 12:58 - 2014-06-20 00:17 - 00000000 ____D () C:\ProgramData\InstallShield 2014-10-18 12:55 - 2014-06-21 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother 2014-10-17 17:03 - 2014-01-11 18:18 - 00000000 ____D () C:\Windows\rescache 2014-10-17 14:03 - 2009-07-14 05:45 - 00453736 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-16 23:55 - 2010-06-02 13:59 - 00000000 ____D () 
C:\ProgramData\Microsoft Help 2014-10-16 23:49 - 2013-11-15 16:33 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-16 23:09 - 2010-06-14 23:00 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-12 14:13 - 2014-07-15 17:29 - 00000000 ____D () C:\Users\sky\AppData\Roaming\ControlCenter4 2014-10-12 14:13 - 2011-04-03 18:10 - 00000000 ____D () C:\Users\sky\AppData\Local\Mozilla 2014-10-10 15:22 - 2010-12-31 16:44 - 00001318 _____ () C:\Users\skyerjoe\Desktop\Sandboxed Web Browser.lnk 2014-10-07 20:56 - 2014-06-20 00:09 - 00000000 ____D () C:\Program Files (x86)\Business Objects 2014-10-07 20:31 - 2010-06-02 13:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-10-07 20:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-10-07 20:02 - 2013-11-19 16:59 - 00000000 ____D () C:\Users\skyerjoe\AppData\Local\JDownloader v2.0 2014-10-04 14:18 - 2010-06-10 14:44 - 00000000 ____D () C:\Update 2014-10-02 16:50 - 2011-04-19 23:34 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation 2014-10-02 16:50 - 2010-01-29 23:44 - 00000000 ____D () C:\ProgramData\Sony Corporation 2014-10-02 16:49 - 2010-06-02 14:41 - 00000000 ____D () C:\Program Files\Sony 2014-10-02 16:49 - 2010-01-29 22:55 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-10-02 15:53 - 2010-06-30 00:44 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe Files to move or delete: ==================== C:\Users\skyerjoe\fbchathistory.dat Some content of TEMP: ==================== C:\Users\sky\AppData\Local\Temp\vlc-2.1.5-win32.exe C:\Users\skyerjoe\AppData\Local\Temp\Quarantine.exe C:\Users\skyerjoe\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-17 16:54 ==================== End Of Log ============================ Regards, fireskyer |
31.10.2014, 00:08 | #13 |
| After Firefox starts, it keeps trying to download a RAR file. FRST: addition.txt: FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2014 01 Ran by skyerjoe at 2014-10-30 23:55:16 Running from C:\Users\skyerjoe\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.) 64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden 7-Zip 4.65 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0465-000001000000}) (Version: 4.65.00.0 - Igor Pavlov) Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.5.5 - Adobe Systems) Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated) Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}_955) (Version: - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.) 
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader 9.5.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.0 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.) Advanced IP Scanner v1.5 (HKLM-x32\...\Advanced IP Scanner v1.5) (Version: - ) Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden Agent Ransack 2010 (64-bit) (HKLM\...\Agent Ransack (64-bit)_is1) (Version: - ) Alax.Info DHCP Server 1.0.6 (HKLM-x32\...\{F778CD06-CB21-4D58-92B7-3A21B6D8F009}) (Version: 1.0.6 - Alax.Info) Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.) Alt.Binz 0.25.0 (HKLM-x32\...\Alt.Binz) (Version: 0.25.0 - Rdl) Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.85 - ArcSoft) ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.278 - ArcSoft) ATI Catalyst Install Manager (HKLM\...\{5BC83141-83DD-07BE-C940-04B385540F04}) (Version: 3.0.769.0 - ATI Technologies, Inc.) avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software) AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin) Binbot version 2.0 (HKLM-x32\...\binbot2.0_is1) (Version: - ) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Brother MFL-Pro Suite MFC-J4510DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.) CCcamInfoPHP v0.8.6 (DT5) (HKLM-x32\...\{F5E2B845-0C4A-452D-A24D-8E9C1B1858F0}) (Version: 1.0.0 - .) ccc-core-static (x32 Version: 2010.0920.2143.37117 - Ihr Firmenname) Hidden CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform) Click to Disc MergeModules x64 (Version: 1.0.14230 - Sony Corporation) Hidden Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.538 - Corel Inc.) CPUID CPU-Z 1.55 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) Crystal Reports XI Release 2 (HKLM-x32\...\{94FB0978-D094-40C7-91D7-834D39220D4A}) (Version: 11.5.0.31327 - Business Objects) Defraggler (HKLM\...\Defraggler) (Version: 2.09 - Piriform) doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland) DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen) EasyBCD 1.7.2 (HKLM-x32\...\EasyBCD) (Version: 1.7.2 - NeoSmart Technologies) EasyBoot V5.12 (HKLM-x32\...\EasyBoot_is1) (Version: - ) Einstellungen für VAIO-Inhaltsüberwachung (HKLM-x32\...\{06C05B90-2127-4933-8ABA-61833BDE13FA}) (Version: 2.6.0.11050 - Sony Corporation) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.0.545 - Evernote Corp.) 
Ext2 IFS 1.11a for Windows Vista/2008 (HKLM\...\Ext2Ifs_for_NT6) (Version: - )
Ext2Fsd 0.51 (HKLM\...\Ext2Fsd_is1) (Version: 0.51 - Matt Wu)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
FOCA Free (HKLM-x32\...\{54A9B87F-7966-41B7-96C7-01D7EF462813}) (Version: 2.6.1 - Informatica64)
Foldit (HKLM-x32\...\Foldit) (Version: - )
FRITZ!Box USB-Fernanschluss (HKCU\...\2db37667170956ee) (Version: 2.3.2.0 - AVM Berlin)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
H.M.S Fsim 4.01 (HKLM-x32\...\Fsim 4.01_is1) (Version: 4.01 - H.M.S Software)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
HP Photosmart Prem C410 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{C1164ED0-EF08-4B0B-8084-3BDAEAAEFD8D}) (Version: 14.0 - HP)
ICQ7.2 (HKLM-x32\...\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}) (Version: 7.2 - ICQ)
ImageMagick 6.7.6-5 Q16 (2012-05-01) (HKLM-x32\...\ImageMagick 6.7.6 Q16_is1) (Version: 6.7.6 - ImageMagick Studio LLC)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
inSSIDer 2.0 (HKLM\...\{57019733-78E6-43DE-8E6D-55349F0FDE6F}) (Version: 2.0.7 - MetaGeek)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
IsoBuster 3.3 (HKLM-x32\...\IsoBuster_is1) (Version: 3.3 - Smart Projects)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java(TM) 6 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416031FF}) (Version: 6.0.310 - Oracle)
JDiskReport 1.4.0 (HKLM-x32\...\JDiskReport 1.4.0) (Version: 1.4.0 (2012-01-20 11:38:43) - JGoodies Karsten Lentzsch)
JDownloader (HKLM-x32\...\JDownloader) (Version: 0.89 - AppWork UG (haftungsbeschränkt))
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KeePass Password Safe 2.13 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: - Dominik Reichl)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.8.1 - Magical Jelly Bean)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Media Gallery (HKLM-x32\...\{DD88F979-FA58-41AC-980C-A6E1A82B61D9}) (Version: 1.1.1.11200 - Sony Corporation)
Media Gallery (x32 Version: 1.1.1.11200 - Sony Corporation) Hidden
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Device Emulator (64 Bit) Version 3.0 - DEU (HKLM\...\{7ECA1AEA-2B61-3DE6-8276-6A9A2693F111}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Diagnostics and Recovery Toolset 6.0 (HKLM\...\{1B285B8A-161F-4ACE-86D7-89EF0775EDCB}) (Version: 6.00.0000 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM-x32\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Report Viewer 2012-Laufzeit (HKLM-x32\...\{F2C6E9F1-8F35-42A0-A9CA-E6C94D92A86C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{5973B12E-5FC1-4EF6-B63B-49C1C4AF2AAA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-Bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version: - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A282A232-780C-45E2-A5E5-9B61D74DCC6E}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - DEU (HKLM-x32\...\{987AE03F-234A-3623-BD28-6B31FD1D3AB3}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft VSS Writer für SQL Server 2012 (HKLM\...\{7647B46D-D4E6-43A5-AC9D-0BAA28C63271}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}) (Version: 11.0.2100.60 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.1 - mIRC Co. Ltd.)
mkv2vob (HKLM-x32\...\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}) (Version: 2.4.9 - 3r1c)
MKVtoolnix 4.4.0 (HKLM-x32\...\MKVtoolnix) (Version: 4.4.0 - Moritz Bunkus)
MobileMe Control Panel (HKLM\...\{56F26668-13DA-497A-883F-61434A10CBAB}) (Version: 3.1.5.0 - Apple Inc.)
MozBackup 1.5 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 32.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-GB)) (Version: 32.0.3 - Mozilla)
Mozilla Firefox 33.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-GB)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MusicStation (HKLM-x32\...\{AB259D46-F851-41B0-9AFA-AED8998AD68A}) (Version: 2.0.0.1067 - Omnifone)
Nero 8 Micro 8.3.6.0 (HKLM-x32\...\Nero8Lite_is1) (Version: 8.3.6.0 - Updatepack.nl)
Nero 9 Lite (HKLM-x32\...\{3484e694-66bc-40b5-88d9-dc7ead01b92f}) (Version: - Nero AG)
NetSHGUI (HKLM-x32\...\{34CF2DC1-9138-4671-9C2F-D318FFC80AC0}) (Version: 1.0.0 - Tim Brigham)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Newsbin Pro (HKLM\...\Newsbin6) (Version: 6.00 - DJI Interprises, LLC)
NewsLeecher v4.0 Final (HKLM-x32\...\NewsLeecher_is1) (Version: - )
nLite 1.4.9.1 (HKLM-x32\...\nLite_is1) (Version: 1.4.9.1 - Dino Nuhagic (nuhi))
NNTPGrab (64bit) (HKLM\...\NNTPGrab (64bit)) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NSClient++ (x64) (HKLM\...\{D9C026DE-16B9-4286-AFB1-3117B88D9769}) (Version: 0.3.8.76 - MySolutions NORDIC)
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenSSL 1.0.1 Light (32-bit) (HKLM-x32\...\OpenSSL Light (32-bit)_is1) (Version: - OpenSSL Win32 Installer Team)
OpenVPN Tap Adapter 9.0 (HKLM-x32\...\OpenVPN Tap Adapter) (Version: - )
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Oracle VM VirtualBox 4.3.10 (HKLM\...\{5632714F-6A48-4BF2-89E0-F8B6CE9FE6D1}) (Version: 4.3.10 - Oracle Corporation)
OverPlay VPN (HKCU\...\4f1f873ae9d5c649) (Version: 1.0.0.50 - OverPlay)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Paragon Partition Manager™ 10.0 Professional (HKLM\...\{A35001F0-F1E4-11DD-A38B-005056C00008}) (Version: 90.00.0003 - Paragon Software)
pCon.planner 6.3 (HKLM-x32\...\pCon.planner 6.3) (Version: 6.3.0.101 - EasternGraphics)
pCon.planner 6.3 (x32 Version: 6.3.0.101 - EasternGraphics) Hidden
PE Builder 3.1.10a (HKLM-x32\...\PE Builder_is1) (Version: - Bart Lagerweij)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.2 - )
PKR (HKLM-x32\...\PKR) (Version: - PKR Ltd)
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.0.00.10260 - Sony Corporation)
PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}) (Version: 1.2.00.15250 - Sony Corporation)
PMB VAIO Edition Guide (x32 Version: 1.2.00.15250 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 3.2.00.16060 - Sony Corporation)
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.2.00.16060 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Image Optimizer) (HKLM-x32\...\InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}) (Version: 1.2.00.15250 - Sony Corporation)
PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.2.00.15250 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (HKLM-x32\...\InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 2.2.00.15250 - Sony Corporation)
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.2.00.15250 - Sony Corporation) Hidden
Polipo 1.0.4.1 (HKLM-x32\...\Polipo) (Version: - )
PS_AIO_07_C410_SW_Min (x32 Version: 140.0.273.000 - Hewlett-Packard) Hidden
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.50.0 - PS3 Media Server)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Remote Play mit PlayStation®3 (HKLM-x32\...\{07441A52-E208-478A-92B7-5C337CA8C131}) (Version: 1.0.2.06212 - Sony Corporation)
Remote Play with PlayStation 3 (x32 Version: 1.0.0.15090 - Sony Corporation) Hidden
Remote-Tastatur mit PlayStation 3 (HKLM-x32\...\{65B138AE-F636-4D4C-BA5D-A06E21E47C53}) (Version: 1.0.2.06170 - Sony Corporation)
Roadkil's Raw Copy Version 1.2 (HKLM-x32\...\{FE95BD73-9BCF-4859-BC47-16617911FE3B}_is1) (Version: - Roadkil.Net)
Rohos Mini Drive 1.8 (HKLM-x32\...\Rohos_Rohos22_is1) (Version: - Tesline-Service srl)
Roomeon 3D-Planer (HKLM-x32\...\{51BA4778-915C-4B75-92AC-06060B76FE16}) (Version: 1.0.0 - MyDomicile.com GmbH)
Rosetta Stone Ltd Services (HKLM-x32\...\{7BB2EF8A-5376-4BAE-96D0-38BE49501F40}) (Version: 3.2.17 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\com.rosettastone.rosettastonetotale) (Version: 4.1.15.1 - Rosetta Stone, Ltd)
Rosetta Stone TOTALe (x32 Version: 4.1.1 - Rosetta Stone, Ltd) Hidden
Rosetta Stone TOTALe (x32 Version: 4.1.15.1 - Rosetta Stone, Ltd) Hidden
Roxio Easy Media Creator 10 LJ (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.1500.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Scansoft PDF Professional (x32 Version: - ) Hidden
SecCommerce SecSigner 3.6 (HKLM\...\SecCommerce SecSigner) (Version: 3.6 - SecCommerce Informationssysteme GmbH)
Secunia PSI (2.0.0.4003) (HKLM-x32\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)
Sentinel System Driver (HKLM-x32\...\Rainbow Sentinel Driver) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SetEditHBP (remove only) (HKLM-x32\...\SetEditHBP) (Version: - )
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.1.0.11200 - Sony Corporation)
Setup_msm_VCMS_x64 (Version: 2.6.0.06040 - Sony Corporation) Hidden
Setup_msm_VOFS_x64 (Version: 2.3.0.09270 - Sony Corporation) Hidden
Setup_VEP_x64_Contain_SSDB (Version: 3.9.0.09270 - Sony Corporation) Hidden
Simple PAK Maker (HKLM-x32\...\{C4D6A4E8-D564-4634-B16D-D40112FB7A51}) (Version: 2.0.0.0 - )
simple-fax.de Version 1 (HKLM-x32\...\{7343767F-D225-4EB2-87B8-173451445F45}_is1) (Version: 1 - simple-fax.de)
SIW version 2010.04.28 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2010.04.28 - Topala Software Solutions)
Snapshot (remove only) (HKLM-x32\...\Snapshot) (Version: - )
SOHLib Merge Module (x32 Version: 2.2.0.11240 - Sony Corporation) Hidden
Sony Home Network Library (HKLM-x32\...\{A6B90666-2A1F-49E8-A40E-27EAAD11C096}) (Version: 2.2.0.11240 - Sony Corporation)
Sony Home Network Library (x32 Version: 2.0.1.10160 - Sony Corporation) Hidden
SopCast 3.3.2 (HKLM-x32\...\SopCast) (Version: 3.3.2 - www.sopcast.com)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SpotLite (HKCU\...\SpotLite) (Version: 00.01.00.04 - Quartermaster (Bond))
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server-Browser für SQL Server 2012 (HKLM-x32\...\{1A4C9497-7D4B-466D-8D3A-FE0D925386DC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sweet Home 3D version 3.2 (HKLM-x32\...\Sweet Home 3D_is1) (Version: - eTeks)
System Requirements Lab for Intel (HKLM-x32\...\{ADD72094-D289-4714-A62E-70574478A2BC}) (Version: 4.3.1.0 - Husdawg, LLC)
TeamViewer 6 (HKLM-x32\...\TeamViewer 6) (Version: 6.0.10418 - TeamViewer GmbH)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
Tiny DHCP Server (HKLM-x32\...\Tiny DHCP Server) (Version: - )
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Tor 0.2.2.30-rc (HKLM-x32\...\Tor) (Version: - )
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TSDoctor (HKLM-x32\...\{1A8BB532-FE89-4AAF-BA8F-AABA6A51CD5F}) (Version: 1.0.83 - Cypheros)
UBCD4Win 3.60 (HKLM-x32\...\UBCD4Win_is1) (Version: - UBCD4Win Team - Benjamin Burrows)
UltraISO Premium V9.36 (HKLM-x32\...\UltraISO_is1) (Version: - )
UltraVNC 1.0.9.1 (HKLM-x32\...\Ultravnc2_is1) (Version: 1.0.9.1 - 1.0.9.1)
Unterstützungsdateien für Microsoft SQL Server 2008-Setup (HKLM\...\{6AF73222-EE90-434C-AE7E-B96F70A68D89}) (Version: 10.1.2731.0 - Microsoft Corporation)
Usenet.nl (HKLM-x32\...\Usenet.nl_is1) (Version: - )
UsenetFaker v1.0.0.0 (HKLM-x32\...\UsenetFaker_is1) (Version: - )
VAIO Care (HKLM\...\{FDCC09EA-A33E-4639-B1CD-FC1702815FA7}) (Version: 8.4.0.14281 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (HKLM\...\{A1255354-11F3-4D25-95CC-C9B1C2320761}) (Version: 3.9.0.11260 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (x32 Version: 3.6.0.09250 - Sony Corporation) Hidden
VAIO Content Metadata Intelligent Network Service Manager (HKLM\...\{725D5BA4-E9FA-452B-8CF5-D7E5F8055C71}) (Version: 3.9.0.11180 - Sony Corporation)
VAIO Content Metadata Manager Settings (HKLM\...\{8FE3CF66-4484-4D39-B47D-DEBBA173619D}) (Version: 3.9.0.11180 - Sony Corporation)
VAIO Content Metadata XML Interface Library (HKLM\...\{97C58294-36D8-4594-8A49-7AB4AE096504}) (Version: 3.9.0.11180 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.2.0.09150 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.2.0.09150 - Sony Corporation) Hidden
VAIO DVD Menu Data (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 2.1.00.15050 - Sony Corporation)
VAIO Energie Verwaltung (HKLM-x32\...\{803E4FA5-A940-4420-B89D-A8BC2E160247}) (Version: 5.0.0.11300 - Sony Corporation)
VAIO Entertainment Platform (HKLM-x32\...\{0489D044-6386-4BDF-9F98-577D60CF79DD}) (Version: 3.9.0.11160 - Sony Corporation)
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.1.0.12010 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.2.1.09131 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 1.0.0.10290 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 3.9.1 - Sony Corporation) Hidden
VAIO Marketing Tools (HKLM-x32\...\MarketingTools) (Version: - Sony Corporation)
VAIO Media plus (HKLM-x32\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 2.0.1.10160 - Sony Corporation)
VAIO Media plus Opening Movie (HKLM-x32\...\{9238E8A4-BEBA-43A3-B926-769BDBF194C5}) (Version: 1.2.0.09100 - Sony Corporation)
VAIO Movie Story MergeModules x64 (Version: 1.0.14240 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM-x32\...\InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 2.2.00.15250 - Sony Corporation)
VAIO Movie Story Template Data (x32 Version: 2.0.00.09240 - Sony Corporation) Hidden
VAIO Original Funktion Einstellungen (HKLM-x32\...\{04EAE65A-CDCF-480F-B754-5C3A9364239C}) (Version: 2.3.0.11240 - Sony Corporation)
VAIO Personalization Manager (HKLM\...\{DBB823F3-E8BD-4578-9D16-42AF176FD777}) (Version: 3.0.0.11160 - Sony Corporation)
VAIO Premium Partners (HKLM-x32\...\VAIO Premium Partners) (Version: 1.0 - Sony Europe)
VAIO Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.3.1.7 - Sony Corporation)
VAIO Quick Web Access (x32 Version: 1.3.1.7 - Sony Corporation) Hidden
VAIO screensaver (HKLM-x32\...\VAIO screensaver) (Version: 1.0.0.0 - Sony Europe)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.3.1.08110 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VAIO Wallpaper Contents (HKLM-x32\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 2.0.0.06010 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.1.2.06030 - Sony Corporation)
Vidalia 0.2.12 (HKLM-x32\...\Vidalia) (Version: - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Vistumbler (HKLM-x32\...\Vistumbler) (Version: v10 - Vistumbler.net)
Visual Studio 2010 Prerequisites - English (HKLM\...\{53952792-BF16-300E-ADF2-E7E4367E00CF}) (Version: 10.0.40219 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
windata basic (HKLM-x32\...\{B20643D6-70C3-447E-8C19-5AADD3904C81}) (Version: 08.00.0000 - windata GmbH & Co.KG)
windata@home (HKLM-x32\...\{A0703E79-9B57-4BE1-BEF1-E43402CBBFF0}) (Version: 08.08.0000 - windata GmbH & Co.KG)
Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) (HKLM\...\930E4792BDAEAFB62A9514EE7578775658A5D07C) (Version: 09/09/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
WinSCP 5.1.8 (HKLM-x32\...\winscp3_is1) (Version: 5.1.8 - Martin Prikryl)
XMedia Recode 3.0.6.7 (HKLM-x32\...\XMedia Recode) (Version: 3.0.6.7 - Sebastian Dörfler)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================

18-10-2014 11:55:59 Konfiguriert Brother Software Suite
21-10-2014 11:33:39 Windows Update
22-10-2014 18:05:18 Revo Uninstaller's restore point - DAEMON Tools Toolbar
22-10-2014 18:12:02 Revo Uninstaller's restore point - Funmoods Web Search
22-10-2014 18:18:54 Revo Uninstaller's restore point - Update for Zip Opener
22-10-2014 18:20:30 Revo Uninstaller's restore point - vShare.tv plugin 1.3
22-10-2014 20:05:54 Removed Java 7 Update 55 (64-bit)
24-10-2014 18:36:55 Windows Update
28-10-2014 22:55:51 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-10-22 19:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {11AB48CB-E787-4F59-8219-53BDCA876862} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {17C8CFD2-4029-460E-A6CD-53CBB25A00C2} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {1A711198-0BA9-4ED0-8B61-B44DDFEDEACF} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation)
Task: {3404E6B7-BCCB-469A-8E3D-B0563632A16C} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {364C52BB-493C-45BE-BA18-19F3CB63CAE9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3EED7FD4-747E-437D-A868-4AC6DEA53B83} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {44B093F9-D6AA-4661-B9BA-EA1333300C86} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMJMIMIMMMJMKJLJPMCNLMLJOJJMCNLMGMHMPMCNGMLMPMOMCNKJLJMJOMLJIMOMLJJMHMPMPMJNJICMIMCNNMCNGMFMHMCNPMCNIMJMPMPMFMJMCNOMCNIMJMPMPMCNNMJNPICMLMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMMIEJGIKJNIFJAJKJJNKJCMJNNICMJNDJCMLJKJ"
Task: {52D6BE54-933A-4B27-9EC8-22D5ACFCB7E6} - System32\Tasks\Open URL by Roboform => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMJMIMIMMMJMKJLJPMCNLMLJOJJMCNLMGMHMPMCNGMLMPMOMCNKJLJMJOMLJIMOMLJJMHMPMPMJNJICMIMCNMMCNNMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMPMCNNMJNPICMPMFMFMGMIMJNHICMMJBJKJLIMJJNBJCMMIEJGIKJNIFJAJKJJNKJCMJNNICMJNDJCMLJKJ"
Task: {578AFFD4-EB45-476C-A5D8-87C1C02D0D98} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {58E45C7E-0640-404E-B5E2-7B4D045EC33F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-15] (AVAST Software)
Task: {6615E562-AC45-490E-97AD-5D892EA5E872} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {793AAAA3-44D3-48B9-8570-AF9CE4C2CD0B} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {7CCABE14-77D5-4FCB-8E04-3482A19803BE} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {7F3738BD-8BB9-4891-9EB5-F56D640B36ED} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {88ED3377-4CB1-469A-84DA-258A833262FB} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {8E6413D9-8DB2-4031-916E-3B7D3D2BD242} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-10-25] (Sony Corporation)
Task: {8FC70F01-B45F-421F-A148-71BDCA8F2C12} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {94BF4AB2-F919-4F2E-9995-AF0E5FA034D2} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {98091604-3DE7-4B23-A0A6-E774DC0263BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-05] (Google Inc.)
Task: {A90FEA3A-DB4F-4817-90F6-D1B6C6D39ED9} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {B151739C-0FAA-4B1A-A63C-D717084230B4} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {BC311B7E-F30F-4701-BEAD-19EE5A22FD63} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation)
Task: {C46351A3-4D02-4BFB-9459-D0EAF1D48E05} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-05] (Google Inc.)
Task: {C4A85847-DFD3-42F1-A3C6-C0FA276B3F54} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {C81DAFF3-CED8-4252-8AEF-A3A96E685773} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-02-27] (Sony Corporation)
Task: {DB33CD9B-24D2-42A1-A3B9-6BA9F66C33A0} - System32\Tasks\SONY\Remote Keyboard with PlayStation 3\Remote Keyboard with PlayStation 3 => C:\Program Files\Sony\Remote Keyboard with PlayStation 3\VBTKBUtil.exe [2010-06-17] (Sony Corporation)
Task: {DF3160C5-1645-408B-B0EE-FE4E4E292839} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {E39F1155-3D4E-4E65-B869-2B0B8C80C413} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {ECA53539-0A26-413A-8DF7-9A784D9D4FFC} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {F107CD63-AFBD-4D25-83B2-96D289235F68} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-10-25] (Sony Corporation)
Task: {FA2A8DEF-658C-4962-BB82-280ABB3E4E88} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {FC2B3564-8D8B-452B-B987-499D15E69A55} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-06 16:34 - 2013-02-09 13:17 - 00113152 _____ () C:\Windows\System32\redmon64.dll
2014-06-21 14:26 - 2005-04-22 05:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2010-08-24 14:39 - 2010-08-24 14:39 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-01-26 20:04 - 2011-01-26 20:04 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-06-08 22:51 - 2010-03-15 10:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2014-01-28 21:45 - 2012-01-20 14:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-07-15 17:42 - 2014-07-15 17:42 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-30 20:20 - 2014-10-30 20:20 - 02897920 _____ () C:\Program Files\AVAST Software\Avast\defs\14103001\algo.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-02 14:10 - 2009-12-01 21:03 - 00010752 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2010-06-02 14:10 - 2009-12-01 21:03 - 00009728 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2010-01-29 22:55 - 2009-11-21 00:19 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-07-15 17:42 - 2014-07-15 17:42 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-21 14:10 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\skyerjoe\Downloads\email_87_20140717181446.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)
MSCONFIG\Services: ACDaemon => 3 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: FLEXnet Licensing Service => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gusvc => 3 MSCONFIG\Services: Partner Service => 3 MSCONFIG\Services: PSI_SVC_2 => 2 MSCONFIG\startupfolder: C:^Users^skyerjoe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.3301725356812716.exe.lnk => C:\Windows\pss\0.3301725356812716.exe.lnk.Startup MSCONFIG\startupfolder: C:^Users^skyerjoe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Hardcopy.LNK => C:\Windows\pss\Hardcopy.LNK.Startup MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: MarketingTools => C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe" MSCONFIG\startupreg: Tiny DHCP Server => "C:\Program Files (x86)\Tiny DHCP Server\dhcpsrv.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-1609788897-153937731-1751884820-500 - Administrator - Disabled) Gast (S-1-5-21-1609788897-153937731-1751884820-501 - Limited - Disabled) HomeGroupUser$ 
(S-1-5-21-1609788897-153937731-1751884820-1002 - Limited - Enabled) sky (S-1-5-21-1609788897-153937731-1751884820-1003 - Limited - Enabled) => C:\Users\sky skyerjoe (S-1-5-21-1609788897-153937731-1751884820-1000 - Administrator - Enabled) => C:\Users\skyerjoe ==================== Faulty Device Manager Devices ============= Name: Photosmart Prem C410 series Description: Photosmart Prem C410 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: TAP-Win32 Adapter V9 Description: TAP-Win32 Adapter V9 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TAP-Win32 Provider V9 Service: tap0901 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: VirtualBox Host-Only Ethernet Adapter Description: VirtualBox Host-Only Ethernet Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Oracle Corporation Service: VBoxNetAdp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: USB 2.0 Camera Description: USB-Videogerät Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: usbvideo Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Microsoft-Adapter für Miniports virtueller WiFis Description: Microsoft-Adapter für Miniports virtueller WiFis Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Problem: : This device is disabled. 
(Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller
Description: Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonw7
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Photosmart Prem C410 series
Description: Photosmart Prem C410 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-10-22 20:45:09.080
Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume3\ComboFix\catchme.sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-10-22 20:45:08.768
Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume3\ComboFix\catchme.sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2011-03-11 21:57:10.758
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" because the set of per-page image hashes could not be found on the system.
Date: 2011-03-11 21:57:10.748
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" because the set of per-page image hashes could not be found on the system.
Date: 2011-03-11 21:57:10.738
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" because the set of per-page image hashes could not be found on the system.
Date: 2011-03-11 21:57:10.718
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" because the set of per-page image hashes could not be found on the system.
Date: 2011-03-11 21:57:10.698
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume3\Windows\System32\gpapi.dll" because the set of per-page image hashes could not be found on the system.
Date: 2011-03-11 21:57:10.668
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume3\Windows\System32\gpapi.dll" because the set of per-page image hashes could not be found on the system.
Date: 2011-02-07 18:25:04.335
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" because the set of per-page image hashes could not be found on the system.
Date: 2011-02-07 18:25:04.313
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 43%
Total physical RAM: 3950.07 MB
Available physical RAM: 2227.5 MB
Total Pagefile: 7898.31 MB
Available Pagefile: 5838.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:396.01 GB) (Free:13.33 GB) NTFS
Drive e: () (Fixed) (Total:19.53 GB) (Free:3.78 GB) NTFS
Drive h: (Volume) (Fixed) (Total:39.5 GB) (Free:2.02 GB) NTFS
Drive i: (crystal_reports) (CDROM) (Total:0.82 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0A0C67E8)
Partition 1: (Not Active) - (Size=10.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=396 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=59 GB) - (Type=OF Extended)
==================== End Of Log ============================
regards, fireskyer |
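Added example (not from the thread, and not part of FRST, ESET or any other tool used in it): a small Python triage pass over FRST log lines of the kind posted here. FRST already marks the entries it considers suspicious with "<==== ATTENTION"; the script collects those, plus autostart entries whose target file is gone (the "No File" / "No Task File" leftovers), autostarts that run through a script host such as Wscript.exe, autostart names that are nothing but a decimal fraction with .exe appended (like the 0.3301725356812716.exe.lnk startup entry in the Addition.txt above), and the Firefox proxy prefs. The proxy check is the caveat worth knowing: Firefox only honours the per-protocol host entries when network.proxy.type is 1 (manual); with "type", 0, as in the FRST.txt posted later in this thread, host entries such as 192.168.43.1 are leftovers that are not in effect. The sample log inside the script is constructed from the line shapes in the thread, and the regexes are heuristics of my own, not FRST's rules.

```python
"""Triage pass over FRST (Farbar Recovery Scan Tool) log lines.

Added example for this thread; it is not part of FRST, ESET or any tool the
posters used.  It reads an FRST log line by line and collects what a responder
looks at first: lines FRST itself flags with "<==== ATTENTION", autostart
entries whose target file is gone, autostarts that go through a script host,
autostart names that look machine-generated, and the Firefox proxy prefs plus
whether they are actually in effect.  The regexes are heuristics of my own.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in FRST's own line format (not a complete log).
SAMPLE_LOG = r"""
Task: {E39F1155-3D4E-4E65-B869-2B0B8C80C413} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {FA2A8DEF-658C-4962-BB82-280ABB3E4E88} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
MSCONFIG\startupfolder: C:^Users^skyerjoe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.3301725356812716.exe.lnk => C:\Windows\pss\0.3301725356812716.exe.lnk.Startup
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [208384 2009-11-04] (Alps Electric Co., Ltd.)
FF NetworkProxy: "http", "192.168.43.1"
FF NetworkProxy: "http_port", 34731
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "type", 0
"""

# Meaning of Firefox's network.proxy.type pref (3 is unused).
FF_PROXY_TYPES = {0: "direct (no proxy)", 1: "manual", 2: "PAC URL",
                  4: "auto-detect (WPAD)", 5: "system proxy settings"}

ATTENTION_RE = re.compile(r"<=+\s*ATTENTION")
MISSING_RE = re.compile(r"\bNo (?:Task )?File\b")
SCRIPT_HOST_RE = re.compile(
    r"\b(?:wscript|cscript|powershell|mshta|rundll32|regsvr32)\.exe\b", re.I)
# A program name that is just a decimal fraction, e.g. "0.3301725356812716.exe".
RANDOM_NAME_RE = re.compile(r"[\\^]\d+\.\d{6,}\.exe\b", re.I)
FF_PROXY_RE = re.compile(r'^FF NetworkProxy: "([^"]+)", (.+)$')
AUTOSTART_PREFIXES = ("Task:", "HKLM", "HKU\\", "HKCU", "MSCONFIG", "Startup:",
                      "ShortcutTarget:", "Toolbar:", "BHO", "Winlogon")


@dataclass
class Triage:
    attention: list = field(default_factory=list)     # flagged by FRST itself
    missing_file: list = field(default_factory=list)  # autostart -> file gone
    script_hosts: list = field(default_factory=list)  # autostart via wscript etc.
    random_names: list = field(default_factory=list)  # machine-looking names
    ff_proxy: dict = field(default_factory=dict)      # pref name -> value


def _pref_value(raw: str):
    """Turn FRST's rendering of a Firefox pref value back into a Python value."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    if raw in ("true", "false"):
        return raw == "true"
    try:
        return int(raw)
    except ValueError:
        return raw


def triage_frst(text: str) -> Triage:
    t = Triage()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ATTENTION_RE.search(line):
            t.attention.append(line)
        m = FF_PROXY_RE.match(line)
        if m:
            t.ff_proxy[m.group(1)] = _pref_value(m.group(2))
            continue
        if line.startswith(AUTOSTART_PREFIXES):
            if MISSING_RE.search(line):
                t.missing_file.append(line)
            if SCRIPT_HOST_RE.search(line):
                t.script_hosts.append(line)
            if RANDOM_NAME_RE.search(line):
                t.random_names.append(line)
    return t


def ff_proxy_mode(proxy: dict) -> str:
    """prefs.js (which FRST reads) only stores prefs that were changed, so a
    missing "type" means Firefox's default, 5 (use system proxy settings)."""
    return FF_PROXY_TYPES.get(proxy.get("type", 5), "unknown")


def ff_manual_proxy_in_use(proxy: dict) -> bool:
    """Host/port entries such as "http" -> "192.168.43.1" only take effect
    when network.proxy.type is 1 (manual); with type 0 they are inert."""
    return proxy.get("type", 5) == 1 and any(
        k in proxy for k in ("http", "ssl", "socks", "ftp"))


if __name__ == "__main__":
    result = triage_frst(SAMPLE_LOG)
    for name in ("attention", "missing_file", "script_hosts", "random_names"):
        for entry in getattr(result, name):
            print(f"[{name}] {entry}")
    print(f"[ff_proxy] mode={ff_proxy_mode(result.ff_proxy)!r} "
          f"manual proxy in use={ff_manual_proxy_in_use(result.ff_proxy)}")
```

Run it against a saved FRST.txt by passing the file's contents to triage_frst(). The heuristics are deliberately narrow: a hit is a reason to look at the entry, not a verdict, and a clean pass does not clear the machine.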
31.10.2014, 14:06 | #14 |
/// the machine /// TB-Ausbilder | After Firefox starts, it constantly tries to download a RAR file. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No support via PM! |
05.11.2014, 19:34 | #15 |
| After Firefox starts, it constantly tries to download a RAR file. Yep, just started the browser again and there it was again: ESET Online Scanner: Code:
ATTFilter
C:\UBCD4Win\UBCD4WinBuilder.iso  a variant of Win32/Toolbar.Conduit.I potentially unwanted application  deleted - copied to quarantine
C:\UBCD4Win\UBCD4Windows2.iso  a variant of Win32/Toolbar.Conduit.I potentially unwanted application  deleted - copied to quarantine
C:\Users\sky\Downloads\k.stick\temp\Jana\Anwendungsdaten\Mozilla\Firefox\Profiles\qiskhrh2.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\dealply.xul  Win32/DealPly.J potentially unwanted application  deleted - copied to quarantine
C:\Users\sky\Downloads\k.stick\temp\Jana\Eigene Dateien\FreeYouTubeToMP3Converter31014.exe  Win32/Toolbar.Conduit potentially unwanted application  deleted - copied to quarantine
C:\Users\sky\Downloads\k.stick\temp\Jana\Eigene Dateien\Downloads\3GPConverterSetup.exe  a variant of Win32/InstallCore.D potentially unwanted application  deleted - copied to quarantine
C:\Users\sky\Downloads\k.stick\temp\Jana\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\background.html  Win32/DealPly.J potentially unwanted application  deleted - copied to quarantine
C:\Users\skyerjoe\Downloads\Driver.Genius.Professional.10.0.0.526.rar  a variant of Win32/Toolbar.Conduit.B potentially unwanted application  deleted - copied to quarantine
C:\Users\skyerjoe\Downloads\FritzRePass1.20-U3(1).zip  Win32/Packed.Autoit.E.Gen potentially unwanted application  deleted - copied to quarantine
C:\Users\skyerjoe\Downloads\FritzRePass1.20-U3-tmp.zip  Win32/Packed.Autoit.E.Gen potentially unwanted application  deleted - copied to quarantine
C:\Users\skyerjoe\Downloads\FritzRePass1.20-U3.zip  Win32/Packed.Autoit.E.Gen potentially unwanted application  deleted - copied to quarantine
C:\Users\skyerjoe\Downloads\ruKernelTool(1).zip  Win32/Packed.Autoit.H potentially unwanted application  deleted - copied to quarantine
C:\Users\skyerjoe\Downloads\ruKernelTool.zip  Win32/Packed.Autoit.H potentially unwanted application  deleted - copied to quarantine
C:\Users\skyerjoe\Downloads\Fritz Recover\FritzRePass1.20+U3.zip  Win32/Packed.Autoit.E.Gen potentially unwanted application  deleted - copied to quarantine
C:\Users\skyerjoe\oktay\sr-codbo\kkhfgys.rar  a variant of Win32/Packed.VMProtect.AAD trojan  deleted - copied to quarantine
E:\Dokumente und Einstellungen\skyerjoe\Eigene Dateien\Downloads\Fritz Recover\FritzRePass1.20+U3.zip  Win32/Packed.Autoit.E.Gen potentially unwanted application  deleted - copied to quarantine
H:\Temp\hirens\ERD2.iso  a variant of Win32/Toolbar.Conduit.B potentially unwanted application  deleted - copied to quarantine
H:\Temp\hirens\HBCD 11.0.iso  a variant of Win32/Toolbar.Conduit.B potentially unwanted application  deleted - copied to quarantine
Code:
ATTFilter
Results of screen317's Security Check version 0.99.89
Windows 7 Service Pack 1 x64
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (2.0.0.4003)
Java 7 Update 51
Java version out of Date!
Adobe Flash Player 15.0.0.152
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (33.0.2)
Mozilla Thunderbird (24.6.0)
Google Chrome 38.0.2125.104
Google Chrome 38.0.2125.111
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST: frst.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014 Ran by skyerjoe (administrator) on SKYERJOE-VAIO on 05-11-2014 19:05:01 Running from C:\Users\skyerjoe\Downloads Loaded Profiles: skyerjoe & MSSQL$SQLEXPRESS (Available profiles: skyerjoe & sky & MSSQL$SQLEXPRESS) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Tesline-Service SRL) C:\Program Files (x86)\Rohos\agent.exe (AMD) C:\Windows\System32\atieclxx.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Sony Corporation) C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe (Rosetta Stone Ltd.) 
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe (ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe (ALPS) C:\Program Files\Apoint\Apvfb.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Sony Corporation) C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe (Sony Corporation) C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe (Ext2Fsd Group (www.ext2fsd.com)) C:\Program Files\Ext2Fsd\Ext2Mgr.exe () C:\Program Files (x86)\Tiny DHCP Server\dhcpsrv.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9636896 2009-12-16] (Realtek Semiconductor) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [208384 2009-11-04] (Alps Electric Co., Ltd.) HKLM\...\Run: [PrintDisp] => C:\Windows\system32\PrintDisp.exe [878080 2009-08-21] (ActMask Co.,Ltd - hxxp://www.all2pdf.com) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-21] (Intel Corporation) HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [320880 2009-08-26] (Sony Corporation) HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2009-10-24] (Sony Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1655296 2010-09-05] (Dominik Reichl) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-09-20] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [Ext2 Volume Manager] => C:\Program Files\Ext2Fsd\Ext2Mgr.exe [1211536 2011-02-05] (Ext2Fsd Group (www.ext2fsd.com)) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [Tiny DHCP Server] => C:\Program Files (x86)\Tiny DHCP Server\dhcpsrv.exe [94208 2011-08-30] () HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.) HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.) 
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X] HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\Run: [Rohos] => C:\Program Files (x86)\Rohos\agent.exe [801080 2011-05-17] (Tesline-Service SRL) HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\Run: [AVMUSBFernanschluss] => C:\Users\skyerjoe\AppData\Local\Apps\2.0\BTH1ZOGT.8OZ\L89TLL57.57W\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\AVMAutoStart.exe [139264 2014-04-03] (AVM Berlin) HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784904 2014-10-14] (Sandboxie Holdings, LLC) HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\Run: [SecureBanking] => C:\Program Files (x86)\Machinecode Technologies\Secure Banking\SecureBanking.exe HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe [854192 2014-09-12] (Adobe Systems Incorporated) AppInit_DLLs: C:\Windows\System32\acaptuser64.dll => C:\Windows\System32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\windata Zahlungserinnerung.lnk ShortcutTarget: windata Zahlungserinnerung.lnk -> C:\windata\Home\windataZahlungserinnerung.exe (windata GmbH & Co.KG) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1609788897-153937731-1751884820-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {2ACC42B3-35D9-443C-A196-98B24C83B63A} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC SearchScopes: HKCU - {35F08D01-53EE-40D5-9B58-2E54616CA883} URL = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search SearchScopes: HKCU - {529538C8-6480-4BF9-9D9D-847EE0E86B93} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms} SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {D4458402-FDE2-4BEA-B7CC-D06F9B2A768F} URL = 
hxxp://de.shopping.com/?linkin_id=8056363 BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
DPF: HKLM-x32 {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1111/Navigram.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
Tcpip\..\Interfaces\{5DB63988-98C6-4312-8B36-AA4B2FAA958F}: [NameServer] 192.168.178.1
Tcpip\..\Interfaces\{D61CA8A8-A9C5-4B05-8B5C-1FF6CD0702CA}: [NameServer] 192.168.178.15

FireFox:
========
FF ProfilePath: C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default
FF SelectedSearchEngine: Google
FF Homepage: about:home|hxxp://www.giga.de/
FF NetworkProxy: "backup.ftp", "192.168.43.1"
FF NetworkProxy: "backup.ftp_port", 3431
FF NetworkProxy: "backup.socks", "192.168.43.1"
FF NetworkProxy: "backup.socks_port", 3431
FF NetworkProxy: "backup.ssl", "192.168.43.1"
FF NetworkProxy: "backup.ssl_port", 3431
FF NetworkProxy: "ftp", "192.168.43.1"
FF NetworkProxy: "ftp_port", 34731
FF NetworkProxy: "http", "192.168.43.1"
FF NetworkProxy: "http_port", 34731
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "192.168.43.1"
FF NetworkProxy: "socks_port", 34731
FF NetworkProxy: "ssl", "192.168.43.1"
FF NetworkProxy: "ssl_port", 34731
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\searchplugins\gutscheinsuche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: FreeSpeechMe - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\convergence@dot-bit.org [2014-05-16]
FF Extension: FoxyProxy Standard - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\foxyproxy@eric.h.jung [2014-09-05]
FF Extension: HTTPS-Everywhere - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\https-everywhere@eff.org [2014-11-02]
FF Extension: ReminderFox - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2014-11-02]
FF Extension: Bitdefender QuickScan - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-07-17]
FF Extension: Disconnect - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\2.0@disconnect.me.xpi [2014-11-02]
FF Extension: about:addons-memory - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\about-addons-memory@tn123.org.xpi [2014-11-02]
FF Extension: Social Fixer - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\betterfacebook@mattkruse.com.xpi [2011-08-08]
FF Extension: Facebook Chat History Manager - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\fbchathistory@firechm.com.xpi [2011-08-09]
FF Extension: Ghostery - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\firefox@ghostery.com.xpi [2014-11-02]
FF Extension: FireNes - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\firenes@facundo.zaldo.xpi [2012-01-03]
FF Extension: Heartbleed Monitor - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\jid1-eMhaOaq3SPBFDg@jetpack.xpi [2014-11-02]
FF Extension: Lightbeam - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-11-02]
FF Extension: Premiumize.me - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\jid1-sirVJT0BXhkuJg@jetpack.xpi [2014-07-15]
FF Extension: Deutsch (DE) Language Pack - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2011-12-28]
FF Extension: Media Hint - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\mediahint@jetpack.xpi [2014-11-02]
FF Extension: 1Password - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\onepassword4@agilebits.com.xpi [2014-11-02]
FF Extension: Stealthy - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\stealthyextension@gmail.com.xpi [2011-10-30]
FF Extension: Flagfox - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-12]
FF Extension: Encrypted Communication - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{52a7f893-d228-412e-9b28-bc61491462f6}.xpi [2014-02-05]
FF Extension: PasswordMaker - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{5872365e-67d1-4afd-9480-fd293bebd20d}.xpi [2014-11-02]
FF Extension: NoScript - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-02]
FF Extension: FoxySpider - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{75df891f-e299-4725-b14f-7d52f086dea2}.xpi [2014-11-02]
FF Extension: BugMeNot Plugin - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2011-07-17]
FF Extension: Adblock Plus - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-07-10]
FF Extension: BetterPrivacy - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-11-02]
FF Extension: Torbutton - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi [2011-08-18]
FF Extension: QuickJava - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-11-02]
FF Extension: User Agent Switcher - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2014-06-20]
FF Extension: WorldIP - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}.xpi [2011-08-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-10]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR Profile: C:\Users\skyerjoe\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\skyerjoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-02]
CHR Extension: (Google Wallet) - C:\Users\skyerjoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-15]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-15] (AVAST Software)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
S2 Printer Control; C:\Windows\system32\PrintCtrl.exe [77824 2009-06-16] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [File not signed]
R2 Rohos Disk; C:\Program Files (x86)\Rohos\agent.exe [801080 2011-05-17] (Tesline-Service SRL)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-31] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-31] (Sonic Solutions)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [74496 2010-09-27] (Sony Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [864000 2010-09-27] (Sony Corporation)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [845312 2010-08-11] (Sony Corporation) [File not signed]
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-15] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-15] ()
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2014-04-03] (AVM Berlin)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 BazisPortableCDBus; C:\Windows\System32\drivers\BazisPortableCDBus.sys [268896 2014-04-03] (SysProgs.org)
R1 Ext2fs; C:\Windows\System32\DRIVERS\ext2fs.sys [270272 2008-09-25] (Stephan Schreiber)
R1 Ext2Fsd; C:\Windows\System32\Drivers\Ext2Fsd.sys [769816 2011-07-09] (www.ext2fsd.com)
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-04-08] ()
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2009-12-03] (Paragon Software Group)
R1 IfsMount; C:\Windows\System32\DRIVERS\ifsmount.sys [80320 2008-08-28] (Stephan Schreiber)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [7778176 2009-12-16] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [244736 2009-12-16] (Intel(R) Corporation) [File not signed]
R2 regi; C:\Windows\SysWOW64\drivers\regi.sys [11032 2007-04-17] (InterVideo)
R2 RHDISK_AMD64; C:\Program Files (x86)\Rohos\RHDISK_AMD64.SYS [31408 2009-07-24] (Tesline-Service SRL)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)
S3 Sntnlusb; C:\Windows\SysWOW64\DRIVERS\SNTNLUSB.SYS [26120 2002-12-16] (Rainbow Technologies Inc.)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-06-10] (Duplex Secure Ltd.)
S3 TVICHW64; C:\Windows\system32\DRIVERS\TVICHW64.SYS [21200 2010-08-30] (EnTech Taiwan)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113952 2014-02-25] (Oracle Corporation)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 Sentinel; \SystemRoot\System32\Drivers\SENTINEL.SYS [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-05 19:03 - 2014-11-05 19:03 - 00000986 _____ () C:\Users\skyerjoe\Downloads\checkup.txt
2014-11-05 18:20 - 2014-11-05 18:20 - 00854448 _____ () C:\Users\skyerjoe\Downloads\SecurityCheck.exe
2014-11-02 23:23 - 2014-11-02 23:23 - 06670199 _____ () C:\Users\skyerjoe\Downloads\masterpassword-gui.jar
2014-11-02 23:02 - 2014-11-05 18:11 - 00000000 ____D () C:\Users\skyerjoe\Documents\1Password
2014-11-02 23:00 - 2014-11-02 23:01 - 09963616 _____ (AgileBits ) C:\Users\skyerjoe\Downloads\1Password-4.1.0.526.exe
2014-11-02 21:05 - 2014-11-02 21:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-02 20:10 - 2014-11-02 20:10 - 14107296 _____ (Microsoft Corporation) C:\Users\skyerjoe\Downloads\mseinstall.exe
2014-11-02 18:33 - 2014-11-02 18:35 - 02347384 _____ (ESET) C:\Users\skyerjoe\Downloads\esetsmartinstaller_deu.exe
2014-10-31 00:29 - 2014-10-31 00:29 - 00000000 ____D () C:\Users\skyerjoe\AppData\Local\Machinecode_Technologies
2014-10-31 00:26 - 2014-10-31 00:27 - 41209944 _____ (ALF AG ) C:\Users\skyerjoe\Downloads\setupBanCo.exe
2014-10-30 23:52 - 2014-11-05 19:04 - 00000000 ____D () C:\Users\skyerjoe\Downloads\FRST-OlderVersion
2014-10-30 23:51 - 2014-10-30 23:51 - 00001067 _____ () C:\Users\skyerjoe\Desktop\JRT.txt
2014-10-30 23:38 - 2014-10-30 23:38 - 00000020 _____ () C:\Users\skyerjoe\defogger_reenable
2014-10-30 23:24 - 2014-10-30 23:24 - 00005807 _____ () C:\Users\skyerjoe\Downloads\JRT.txt
2014-10-30 23:18 - 2014-10-30 23:18 - 00000000 ____D () C:\Windows\ERUNT
2014-10-30 23:13 - 2014-10-30 23:13 - 00009077 _____ () C:\Users\skyerjoe\Downloads\AdwCleaner[S0].txt
2014-10-30 23:08 - 2014-10-30 23:08 - 00009488 _____ () C:\Users\skyerjoe\Downloads\AdwCleaner[R0].txt
2014-10-30 23:01 - 2014-10-30 23:09 - 00000000 ____D () C:\AdwCleaner
2014-10-30 23:01 - 2014-10-30 23:01 - 01706144 _____ (Thisisu) C:\Users\skyerjoe\Downloads\JRT.exe
2014-10-30 21:15 - 2014-10-30 21:15 - 00001529 _____ () C:\Users\skyerjoe\Downloads\malwarebytes.txt
2014-10-30 21:14 - 2014-10-30 21:14 - 00001502 _____ () C:\Users\skyerjoe\Documents\malwarebyte.txt
2014-10-30 20:41 - 2014-10-30 20:41 - 02857530 _____ (Machinecode Technologies) C:\Users\skyerjoe\Downloads\Secure_Banking_2.0.1.exe
2014-10-30 20:31 - 2014-10-30 20:31 - 01998336 _____ () C:\Users\skyerjoe\Downloads\AdwCleaner_4.002.exe
2014-10-30 20:29 - 2014-10-31 00:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-30 20:29 - 2014-10-30 20:29 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\skyerjoe\Downloads\mbam-setup-2.0.3.1025(1).exe
2014-10-30 20:29 - 2014-10-30 20:29 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-30 20:29 - 2014-10-30 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-10-30 20:29 - 2014-10-30 20:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-10-30 20:29 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-30 20:29 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-30 20:29 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-30 20:25 - 2014-10-30 20:25 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\skyerjoe\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-24 20:20 - 2014-10-24 20:20 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-24 19:45 - 2014-10-24 19:57 - 00000000 ____D () C:\Users\sky\Desktop\Arbeitsstick
2014-10-24 19:41 - 2014-10-24 19:43 - 00000000 ____D () C:\Users\sky\AppData\Roaming\MediaMonkey
2014-10-24 19:41 - 2014-10-24 19:41 - 00000000 ____D () C:\Users\sky\AppData\Local\MediaMonkey
2014-10-24 19:36 - 2014-10-24 20:26 - 00000000 ____D () C:\Users\sky\Downloads\k.stick
2014-10-24 19:35 - 2014-10-24 19:39 - 00000000 ____D () C:\Users\sky\AppData\Roaming\TeraCopy
2014-10-24 19:32 - 2014-10-24 19:45 - 00000000 ____D () C:\Users\sky\AppData\Roaming\vlc
2014-10-24 19:32 - 2014-10-24 19:32 - 00000000 ____D () C:\Users\sky\AppData\Roaming\Corel
2014-10-24 19:30 - 2014-10-24 19:30 - 00000000 ____D () C:\Users\sky\Corel
2014-10-22 21:27 - 2014-10-22 21:26 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-10-22 21:05 - 2014-10-22 21:06 - 92658088 _____ (Oracle Corporation) C:\Users\skyerjoe\Downloads\jre-8u25-windows-x64.exe
2014-10-22 19:52 - 2014-10-22 19:52 - 00033333 _____ () C:\ComboFix.txt
2014-10-22 19:30 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-22 19:30 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-22 19:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-22 19:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-22 19:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-22 19:30 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-22 19:30 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-22 19:30 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-22 19:29 - 2014-10-22 19:53 - 00000000 ____D () C:\Qoobox
2014-10-22 19:29 - 2014-10-22 19:48 - 00000000 ____D () C:\Windows\erdnt
2014-10-22 19:23 - 2014-10-22 19:23 - 05584933 ____R (Swearware) C:\Users\skyerjoe\Downloads\ComboFix.exe
2014-10-22 17:14 - 2014-10-22 17:14 - 00000000 ____D () C:\Users\skyerjoe\Downloads\RevoUninstallerPortable
2014-10-22 17:13 - 2014-10-22 17:13 - 02785665 _____ (PortableApps.com) C:\Users\skyerjoe\Downloads\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2014-10-22 00:27 - 2014-10-22 00:27 - 00454448 _____ () C:\Windows\Minidump\102214-38111-01.dmp
2014-10-21 22:32 - 2014-10-21 22:59 - 00045524 _____ () C:\Users\skyerjoe\Desktop\logs.rar
2014-10-21 20:40 - 2014-10-30 23:58 - 00126518 _____ () C:\Users\skyerjoe\Downloads\Shortcut.txt
2014-10-21 19:58 - 2014-10-21 21:59 - 00508927 _____ () C:\Users\skyerjoe\Desktop\gmer.log
2014-10-21 19:32 - 2014-10-21 19:32 - 00060979 _____ () C:\Users\skyerjoe\Downloads\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.htm
2014-10-21 19:32 - 2014-10-21 19:32 - 00000000 ____D () C:\Users\skyerjoe\Downloads\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board_files
2014-10-21 19:28 - 2014-10-21 19:28 - 00380416 _____ () C:\Users\skyerjoe\Downloads\Gmer-19357(1).exe
2014-10-21 19:08 - 2014-10-21 22:00 - 00000292 _____ () C:\Users\skyerjoe\Downloads\defogger_enable.log
2014-10-21 19:07 - 2014-10-21 19:07 - 00050477 _____ () C:\Users\skyerjoe\Downloads\Defogger(1).exe
2014-10-21 13:09 - 2014-10-21 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-10-19 16:52 - 2014-10-19 16:52 - 00005118 _____ () C:\Users\skyerjoe\Downloads\eset-kompl.txt
2014-10-18 15:13 - 2014-10-18 15:13 - 00924173 _____ () C:\Users\skyerjoe\Downloads\BrMain480(1).exe
2014-10-18 13:03 - 2014-11-03 01:43 - 00002722 _____ () C:\Users\skyerjoe\Downloads\eset.txt
2014-10-18 12:59 - 2014-10-18 12:59 - 00000000 ____D () C:\Users\skyerjoe\Downloads\nettool
2014-10-18 12:58 - 2014-10-18 12:58 - 00980304 _____ (A.I.SOFT,INC.) C:\Users\skyerjoe\Downloads\nettool_1270.EXE
2014-10-18 11:41 - 2014-10-18 11:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox4
2014-10-16 18:20 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 18:20 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 18:20 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 18:20 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 18:20 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 18:20 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 18:20 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 18:20 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 18:19 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 18:19 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 18:19 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 18:19 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 18:19 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 18:19 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 18:19 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 18:19 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 18:19 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 18:19 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 18:19 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 18:19 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 18:19 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 18:19 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 18:19 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 18:19 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 18:19 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 18:19 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 18:19 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 18:19 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 18:19 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 18:19 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 18:19 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 18:19 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 18:19 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 18:19 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 18:19 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 18:19 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 18:19 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 18:19 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 18:19 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 18:19 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 18:19 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 18:19 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 18:19 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 18:19 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 18:19 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 18:19 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 18:19 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 18:19 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 18:19 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 18:19 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 18:19 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 18:19 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 18:19 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 18:19 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 18:19 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 18:19 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 18:19 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 18:19 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 18:19 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 18:19 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 18:19 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 18:19 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 18:19 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 18:18 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 18:18 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 18:18 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 18:18 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 18:17 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 18:17 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 18:17 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 18:17 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 18:17 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 18:17 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 18:17 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 18:17 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 18:17 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 18:17 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 18:17 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 18:17 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 18:17 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 18:17 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 18:17 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 18:17 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 18:16 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 18:16 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-12 14:47 - 2014-10-12 14:47 - 00000000 ____D () C:\Users\sky\Desktop\Old Firefox Data
2014-10-12 14:20 - 2014-10-12 14:20 - 00000000 ____D () C:\Users\sky\AppData\Local\Apple
2014-10-12 14:19 - 2014-10-12 14:19 - 00000000 ____D () C:\Users\sky\AppData\Local\Macromedia
2014-10-10 17:13 - 2014-10-10 17:13 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\skyerjoe\Downloads\SandboxieInstall.exe
2014-10-10 17:02 -
2014-10-10 17:02 - 01915297 _____ () C:\Users\skyerjoe\Downloads\Secure Banking v2.0.1.rar 2014-10-09 17:59 - 2014-10-09 17:59 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-10-09 16:57 - 2014-10-09 16:57 - 00000000 ____D () C:\Users\skyerjoe\Downloads\Rootkit_Remover_3022 2014-10-09 16:56 - 2014-10-09 16:57 - 15258612 _____ () C:\Users\skyerjoe\Downloads\Rootkit_Remover_3022.zip 2014-10-08 19:05 - 2014-10-08 19:05 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2010 2014-10-08 19:05 - 2014-10-08 19:05 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2010 2014-10-07 20:57 - 2014-10-21 17:46 - 00000000 ____D () C:\Users\skyerjoe\Downloads\cr_example_db 2014-10-07 20:38 - 2014-10-07 20:38 - 00000000 ____D () C:\Users\skyerjoe\AppData\Local\Microsoft_Corporation 2014-10-07 20:34 - 2014-11-02 18:26 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS 2014-10-07 20:34 - 2014-10-07 22:16 - 00000000 ____D () C:\Users\skyerjoe\Documents\SQL Server Management Studio 2014-10-07 20:34 - 2014-10-07 20:34 - 00000020 ___SH () C:\Users\MSSQL$SQLEXPRESS\ntuser.ini 2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Vorlagen 2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Startmenü 2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Netzwerkumgebung 2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Lokale Einstellungen 2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Eigene Dateien 2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Druckumgebung 2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Documents\Eigene Musik 2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Documents\Eigene Bilder 2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () 
C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\AppData\Local\Verlauf 2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\AppData\Local\Anwendungsdaten 2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Anwendungsdaten 2014-10-07 20:34 - 2014-04-02 22:17 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Macromedia 2014-10-07 20:34 - 2013-12-05 19:46 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS\AppData\Local\Apple 2014-10-07 20:34 - 2010-06-11 15:44 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS\AppData\Local\Microsoft Help 2014-10-07 20:34 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-07 20:34 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-10-07 20:33 - 2012-02-11 09:03 - 00082520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr11.0.2100.60.dll 2014-10-07 20:33 - 2012-02-11 09:02 - 00045656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL11.SQLEXPRESS-sqlagtctr.dll 2014-10-07 20:33 - 2012-02-11 07:46 - 00180312 _____ (Microsoft Corporation) C:\Windows\system32\hadrres.dll 2014-10-07 20:33 - 2012-02-11 07:46 - 00082520 _____ (Microsoft Corporation) C:\Windows\system32\fssres.dll 2014-10-07 20:33 - 2012-02-11 07:44 - 00095832 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr11.0.2100.60.dll 2014-10-07 20:33 - 2012-02-11 07:44 - 00054360 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL11.SQLEXPRESS-sqlagtctr.dll 2014-10-07 20:28 - 2014-10-07 20:28 - 00000000 ____D () C:\Windows\system32\RsFx 2014-10-07 20:26 - 2014-10-07 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 
2014-10-07 20:25 - 2014-10-07 20:25 - 00000000 ____D () C:\Windows\SysWOW64\1033 2014-10-07 20:25 - 2014-10-07 20:25 - 00000000 ____D () C:\Windows\system32\1033 2014-10-07 20:24 - 2014-10-07 20:24 - 00000000 ____D () C:\Users\skyerjoe\Documents\Visual Studio 2010 2014-10-07 20:21 - 2014-10-07 20:25 - 00000000 ____D () C:\Windows\SysWOW64\1031 2014-10-07 20:20 - 2014-10-07 20:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0 2014-10-07 20:18 - 2014-10-07 20:25 - 00000000 ____D () C:\Windows\system32\1031 2014-10-07 20:18 - 2014-10-07 20:18 - 00000000 ____D () C:\Windows\symbols 2014-10-07 20:18 - 2014-10-07 20:18 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 10.0 2014-10-07 20:18 - 2014-10-07 20:18 - 00000000 ____D () C:\Program Files\Microsoft Help Viewer 2014-10-07 20:18 - 2014-10-07 20:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs 2014-10-07 20:12 - 2014-10-07 20:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server 2014-10-07 20:12 - 2014-10-07 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012 2014-10-07 20:05 - 2014-10-07 20:07 - 18411567 _____ () C:\Users\skyerjoe\Downloads\cr_xi_xtreme_rep_smpl_en.zip 2014-10-07 19:57 - 2014-10-07 20:38 - 00000000 ____D () C:\Program Files\Microsoft SQL Server 2014-10-07 19:40 - 2014-10-07 19:51 - 742686296 _____ (Microsoft Corporation) C:\Users\skyerjoe\Downloads\SQLEXPRWT_x64_DEU.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-05 19:06 - 2014-04-09 22:30 - 00034880 _____ () C:\Users\skyerjoe\Downloads\FRST.txt 2014-11-05 19:05 - 2014-04-09 22:30 - 00000000 ____D () C:\FRST 2014-11-05 19:04 - 2014-04-09 22:25 - 00000530 _____ () C:\Users\skyerjoe\Downloads\defogger_disable.log 2014-11-05 19:04 - 2014-04-09 22:21 - 02114560 _____ (Farbar) C:\Users\skyerjoe\Downloads\FRST64.exe 2014-11-05 18:37 - 2013-12-21 01:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-05 18:20 - 2010-06-02 13:47 - 01836205 _____ () C:\Windows\WindowsUpdate.log 2014-11-05 18:18 - 2014-02-05 23:21 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-05 18:18 - 2014-02-05 23:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-05 18:18 - 2009-07-14 05:45 - 00022752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-05 18:18 - 2009-07-14 05:45 - 00022752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-05 18:14 - 2010-06-02 14:55 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B07B1A65-7663-4533-B9F1-3274CBE7C8AF} 2014-11-05 18:09 - 2014-01-10 11:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-11-05 18:08 - 2011-06-13 18:04 - 00000000 ____D () C:\Users\skyerjoe\AppData\Local\Deployment 2014-11-05 18:05 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-05 18:04 - 2012-04-27 15:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-05 18:04 - 2012-03-15 15:14 - 00056213 _____ () C:\Windows\setupact.log 2014-11-03 01:35 - 2010-07-13 09:16 - 00000000 ____D () C:\Users\skyerjoe\Downloads\Fritz Recover 2014-11-03 01:23 - 2010-09-03 19:55 - 00000000 ____D () C:\UBCD4Win 2014-11-02 01:48 - 2010-12-31 16:44 - 00002168 _____ () C:\Windows\Sandboxie.ini 2014-10-31 00:28 - 2011-08-10 10:18 - 00000000 ____D () C:\Users\skyerjoe\AppData\Local\Downloaded Installations 2014-10-30 23:58 - 2014-04-09 22:32 - 00051325 _____ () C:\Users\skyerjoe\Downloads\Addition.txt 2014-10-30 23:38 - 2010-06-02 14:48 - 00000000 ____D () C:\Users\skyerjoe 2014-10-30 23:11 - 2012-03-19 01:07 - 00326512 _____ () C:\Windows\PFRO.log 2014-10-30 20:26 - 2010-06-02 14:40 - 00806468 _____ () C:\Windows\system32\perfh007.dat 2014-10-30 20:26 - 2010-06-02 14:40 - 00184872 _____ () C:\Windows\system32\perfc007.dat 2014-10-30 20:26 - 2009-07-14 06:13 - 01889308 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-29 00:19 - 2014-02-05 23:21 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-28 06:34 - 2010-06-30 00:44 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-24 20:20 - 2011-04-03 18:09 - 00000000 ____D () C:\Users\sky\AppData\Roaming\Apple Computer 2014-10-24 20:18 - 2011-04-03 18:09 - 00000000 ____D () C:\Users\sky\AppData\Local\Apple Computer 2014-10-24 19:33 - 2011-04-03 18:09 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{98ADFF9C-7640-4C3E-A3B7-468DC3BE102F} 2014-10-24 19:30 - 2010-11-23 16:39 - 00000000 ____D () C:\Users\sky 2014-10-22 21:26 - 2013-11-14 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Java 2014-10-22 21:25 - 2013-11-14 16:25 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-22 21:25 - 2011-01-12 23:51 - 00000000 ____D () C:\Program Files\Java 2014-10-22 19:53 - 2011-06-13 18:04 - 00000000 ____D () C:\Users\skyerjoe\AppData\Local\Apps\2.0 2014-10-22 19:53 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2014-10-22 19:47 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-10-22 19:39 - 2010-06-10 16:29 - 00000000 _RSHD () C:\ProgramData\Temp 2014-10-22 17:13 - 2014-02-05 23:21 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-22 17:13 - 2014-02-05 23:21 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-22 00:27 - 2011-10-05 22:33 - 00000000 ____D () C:\Program Files (x86)\Rohos 2014-10-22 00:27 - 2011-05-17 00:00 - 00000000 ____D () C:\Windows\Minidump 2014-10-22 00:26 - 2012-04-04 23:08 - 719861678 _____ () C:\Windows\MEMORY.DMP 2014-10-21 23:21 - 2010-07-20 19:17 - 00000000 ____D () C:\Users\skyerjoe\AppData\Roaming\Notepad++ 2014-10-21 23:10 - 2010-07-20 19:17 - 00000000 ____D () C:\Program Files (x86)\Notepad++ 2014-10-19 22:15 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-18 16:56 - 2010-06-21 16:42 - 00000000 ____D () C:\Users\skyerjoe\USB-Stick 2014-10-18 16:54 - 2011-05-08 13:50 - 00000000 ____D () C:\Program Files\UlisesSoft 2014-10-18 12:58 - 2014-06-20 00:17 - 00000000 ____D () C:\ProgramData\InstallShield 2014-10-18 12:55 - 2014-06-21 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother 2014-10-17 17:03 - 2014-01-11 18:18 - 00000000 ____D () C:\Windows\rescache 2014-10-17 14:03 - 2009-07-14 05:45 - 00453736 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-16 23:55 - 2010-06-02 13:59 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-16 23:49 - 2013-11-15 16:33 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-16 23:09 - 2010-06-14 23:00 - 103265616 _____ (Microsoft 
Corporation) C:\Windows\system32\MRT.exe 2014-10-12 14:13 - 2014-07-15 17:29 - 00000000 ____D () C:\Users\sky\AppData\Roaming\ControlCenter4 2014-10-12 14:13 - 2011-04-03 18:10 - 00000000 ____D () C:\Users\sky\AppData\Local\Mozilla 2014-10-10 15:22 - 2010-12-31 16:44 - 00001318 _____ () C:\Users\skyerjoe\Desktop\Sandboxed Web Browser.lnk 2014-10-07 20:56 - 2014-06-20 00:09 - 00000000 ____D () C:\Program Files (x86)\Business Objects 2014-10-07 20:31 - 2010-06-02 13:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-10-07 20:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-10-07 20:02 - 2013-11-19 16:59 - 00000000 ____D () C:\Users\skyerjoe\AppData\Local\JDownloader v2.0 Files to move or delete: ==================== C:\Users\skyerjoe\fbchathistory.dat Some content of TEMP: ==================== C:\Users\sky\AppData\Local\Temp\vlc-2.1.5-win32.exe C:\Users\skyerjoe\AppData\Local\Temp\Quarantine.exe C:\Users\skyerjoe\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-05 18:59

==================== End Of Log ============================

Regards, fireskyer