| |
| |||||||
Log-Analyse und Auswertung: Windows 7: Malwarefund durch MalwarebytesWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
25.10.2014, 16:50
| #1 |
 |  Windows 7: Malwarefund durch Malwarebytes Guten Abend, bei einem Routinescan hatte Malwarebytes 2 Funde. Bitte schaut doch mal drüber. Ich habe keine Veränderungen am System oder andere Schwierigkeiten feststellen können, der Laptop läuft weitestgehend einwandfrei. Die Logdateien sind leider zu lang, deshalb musste ich sie als Archiv anhängen. Danke schonmal fürs Lesen! Viele Grüße Lars |
|
25.10.2014, 17:21
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 7: Malwarefund durch Malwarebytes Hi,
__________________Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen. Ich kann auf Arbeit keine Anhänge öffnen, danke.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
25.10.2014, 17:32
| #3 |
| | Windows 7: Malwarefund durch Malwarebytes Das ging ja schnell!
__________________ Ok, wird gemacht. Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:38 on 24/10/2014 (Lars)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Already disabled
-=E.O.F=-
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2014
Ran by Lars (administrator) on LARS on 24-10-2014 18:41:59
Running from C:\Users\HP\Desktop
Loaded Profiles: HP & Lars (Available profiles: HP & Lars & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Dell Inc) C:\Windows\System32\spool\drivers\x64\3\D1265wServer64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-14] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1445491938-3163146774-1667579322-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-1445491938-3163146774-1667579322-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-1445491938-3163146774-1667579322-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-1445491938-3163146774-1667579322-1011\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = about:blank
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Lars.LARS\AppData\Roaming\Mozilla\Firefox\Profiles\4oqzsymq.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @delorme.com/SendToGPS -> C:\Program Files (x86)\DeLorme\SendToGPS\nppnplugin.dll (DeLorme)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: NoScript - C:\Users\Lars.LARS\AppData\Roaming\Mozilla\Firefox\Profiles\4oqzsymq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-07-29]
FF Extension: Adblock Plus - C:\Users\Lars.LARS\AppData\Roaming\Mozilla\Firefox\Profiles\4oqzsymq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-29]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-14]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-14]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-14] (AVAST Software)
R2 Dell B1265dfw Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\D1265wServer64.exe [241152 2013-03-05] (Dell Inc) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-16] (Hewlett-Packard Company) [File not signed]
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia)
S2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [X]
S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-14] ()
S3 HWHandSet; C:\Windows\System32\DRIVERS\hw_quusbmdm.sys [223232 2011-10-24] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-24] (Malwarebytes Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2011-05-27] (Duplex Secure Ltd.)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon)
S3 USBMULCD; system32\drivers\CM10664.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-24 18:41 - 2014-10-24 18:42 - 00014117 _____ () C:\Users\HP\Desktop\FRST.txt
2014-10-24 18:41 - 2014-10-24 18:42 - 00000000 ____D () C:\FRST
2014-10-24 18:40 - 2014-10-24 18:40 - 02112000 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2014-10-24 18:38 - 2014-10-24 18:38 - 00000522 _____ () C:\Users\HP\Desktop\defogger_disable.log
2014-10-24 18:36 - 2014-10-24 18:36 - 00050477 _____ () C:\Users\HP\Desktop\Defogger.exe
2014-10-24 16:51 - 2014-10-24 16:51 - 00000000 ____D () C:\Users\HP\Desktop\PUP
2014-10-24 16:21 - 2014-10-24 18:32 - 00000112 _____ () C:\Windows\setupact.log
2014-10-24 16:21 - 2014-10-24 16:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-23 16:32 - 2014-10-23 16:32 - 00000000 ____D () C:\Users\HP\Desktop\Mareike Ferienspiele
2014-10-21 15:59 - 2014-10-21 15:59 - 00000645 _____ () C:\Users\HP\Desktop\Musik.lnk
2014-10-16 22:28 - 2014-08-19 05:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-16 22:28 - 2014-08-19 05:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-16 22:28 - 2014-08-19 05:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-16 22:28 - 2014-08-19 05:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-16 22:28 - 2014-08-19 05:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-16 22:28 - 2014-08-19 05:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-16 22:28 - 2014-08-19 05:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-16 22:28 - 2014-08-19 05:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-16 22:28 - 2014-08-19 05:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-16 22:28 - 2014-08-19 05:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-16 22:28 - 2014-08-19 04:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-16 22:28 - 2014-08-19 04:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-16 22:28 - 2014-08-19 04:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-16 22:28 - 2014-07-07 04:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-16 22:28 - 2014-07-07 04:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-16 22:28 - 2014-07-07 04:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-16 22:28 - 2014-07-07 04:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-16 22:28 - 2014-07-07 04:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-16 22:28 - 2014-07-07 04:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-16 22:28 - 2014-07-07 04:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-16 22:28 - 2014-07-07 04:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-16 22:28 - 2014-07-07 04:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-16 22:28 - 2014-07-07 04:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-16 22:28 - 2014-07-07 04:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-16 22:28 - 2014-07-07 04:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-16 22:28 - 2014-07-07 04:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-16 22:28 - 2014-07-07 04:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-16 22:28 - 2014-07-07 04:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-16 22:28 - 2014-07-07 04:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-16 22:28 - 2014-07-07 04:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-16 22:28 - 2014-07-07 04:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-16 22:28 - 2014-07-07 04:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-16 22:28 - 2014-07-07 04:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-16 22:28 - 2014-07-07 04:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-16 22:28 - 2014-07-07 04:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-16 22:28 - 2014-07-07 04:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-16 22:28 - 2014-07-07 04:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-16 22:28 - 2014-07-07 04:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-16 22:28 - 2014-07-07 04:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-16 22:28 - 2014-07-07 04:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-16 22:28 - 2014-07-07 04:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-16 22:28 - 2014-07-07 04:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-16 22:28 - 2014-07-07 04:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-16 22:28 - 2014-07-07 04:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-16 22:28 - 2014-07-07 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-16 22:28 - 2014-07-07 03:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-16 22:28 - 2014-07-07 03:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-16 22:28 - 2014-07-07 03:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-16 22:28 - 2014-07-07 03:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-16 22:28 - 2014-07-07 03:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-16 22:28 - 2014-07-07 03:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-16 22:28 - 2014-07-07 03:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-16 22:28 - 2014-07-07 03:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-16 22:28 - 2014-07-07 03:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-16 22:28 - 2014-07-07 03:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-16 22:28 - 2014-07-07 03:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-16 22:28 - 2014-07-07 03:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-16 22:28 - 2014-07-07 03:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-16 22:28 - 2014-07-07 03:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-16 22:28 - 2014-07-07 03:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-16 22:28 - 2014-07-07 03:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-16 22:28 - 2014-07-07 03:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-16 22:28 - 2014-07-07 03:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-16 22:28 - 2014-07-07 03:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-16 22:28 - 2014-07-07 03:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-16 22:28 - 2014-07-07 03:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-16 22:28 - 2014-07-07 03:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-16 22:28 - 2014-07-07 03:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-16 22:28 - 2014-07-07 03:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-16 22:28 - 2014-07-07 03:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-16 22:28 - 2014-07-07 03:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-16 22:28 - 2014-07-07 03:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-16 22:28 - 2014-07-07 03:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-16 22:28 - 2014-07-07 03:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-16 22:28 - 2014-07-07 03:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-16 22:28 - 2014-06-28 02:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-16 22:28 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-16 22:28 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-16 22:27 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 22:27 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 22:27 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 22:27 - 2014-09-19 03:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 22:27 - 2014-09-19 03:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 22:27 - 2014-09-19 03:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 22:27 - 2014-09-19 03:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 22:27 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 22:27 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 22:27 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 22:27 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 22:27 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 22:27 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 22:27 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 22:26 - 2014-10-07 04:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 22:26 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 22:26 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 22:26 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 22:26 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 22:26 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 22:26 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 22:26 - 2014-09-19 03:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 22:26 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 22:26 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 22:26 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 22:26 - 2014-09-19 03:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 22:26 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 22:26 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 22:26 - 2014-09-19 03:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 22:26 - 2014-09-19 03:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 22:26 - 2014-09-19 03:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 22:26 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 22:26 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 22:26 - 2014-09-19 03:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 22:26 - 2014-09-19 03:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 22:26 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 22:26 - 2014-09-19 03:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 22:26 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 22:26 - 2014-09-19 03:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 22:26 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 22:26 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 22:26 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 22:26 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 22:26 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 22:26 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 22:26 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 22:26 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 22:26 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 22:26 - 2014-09-19 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 22:26 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 22:26 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 22:26 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 22:26 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 22:26 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 22:26 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 22:26 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 19:53 - 2014-09-29 02:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 19:53 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 19:53 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 19:53 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 19:53 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 19:53 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 19:53 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 19:48 - 2014-09-18 04:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 19:48 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 19:48 - 2014-09-13 03:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 19:48 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 19:48 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 19:48 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 19:48 - 2014-07-17 04:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 19:48 - 2014-07-17 04:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 19:48 - 2014-07-17 04:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 19:48 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 19:48 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 19:48 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 19:48 - 2014-07-17 04:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 19:48 - 2014-07-17 04:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 19:48 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 19:48 - 2014-07-17 03:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 19:48 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 19:48 - 2014-07-17 03:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 19:48 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 19:48 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 19:48 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 19:48 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-01 15:12 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 15:12 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 23:13 - 2014-09-30 23:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-09-29 21:53 - 2014-09-29 21:53 - 00000146 _____ () C:\Users\HP\Desktop\Sound.lnk
2014-09-26 17:46 - 2014-09-26 17:46 - 00000000 ____D () C:\ProgramData\ATI
2014-09-26 17:41 - 2014-09-26 17:41 - 00000000 ____D () C:\Users\Lars.LARS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-09-26 17:41 - 2014-09-26 17:41 - 00000000 ____D () C:\Users\Lars.LARS\AppData\Roaming\library_dir
2014-09-26 17:40 - 2014-09-26 17:42 - 00000000 ____D () C:\Users\Lars.LARS\AppData\Roaming\Raptr
2014-09-26 17:40 - 2014-09-26 17:41 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-09-26 17:40 - 2014-09-26 17:40 - 00056100 _____ () C:\Windows\SysWOW64\CCCInstall_201409261740266563.log
2014-09-26 17:40 - 2014-09-26 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-09-26 17:40 - 2014-09-26 17:40 - 00000000 ____D () C:\ProgramData\AMD
2014-09-26 17:40 - 2014-09-26 17:40 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-09-26 17:37 - 2014-09-26 17:37 - 00000000 ____D () C:\Program Files\AMD
2014-09-26 17:35 - 2014-09-26 17:35 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-26 17:35 - 2014-09-26 17:35 - 00000000 ____D () C:\Program Files\ATI
2014-09-26 17:28 - 2014-09-26 17:28 - 00000000 __SHD () C:\Users\HP\AppData\Local\EmieUserList
2014-09-26 17:28 - 2014-09-26 17:28 - 00000000 __SHD () C:\Users\HP\AppData\Local\EmieSiteList
2014-09-26 17:19 - 2014-09-26 17:20 - 00003778 _____ () C:\Users\Lars.LARS\Documents\Dragon Age 2 1.04.log
2014-09-25 19:10 - 2014-09-25 19:14 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-25 19:10 - 2014-09-25 19:10 - 00000000 ____D () C:\ProgramData\EA Core
2014-09-25 19:04 - 2014-09-25 19:04 - 00000000 ____D () C:\Users\HP\Documents\BioWare
2014-09-25 18:42 - 2014-09-25 19:04 - 00015712 _____ () C:\Users\Lars.LARS\Documents\Install Dragon Age 2.log
2014-09-24 22:41 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 22:41 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-24 18:40 - 2009-07-14 06:45 - 00015104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-24 18:40 - 2009-07-14 06:45 - 00015104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-24 18:36 - 2013-01-11 18:32 - 01339804 _____ () C:\Windows\WindowsUpdate.log
2014-10-24 18:35 - 2012-09-15 10:45 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-24 18:32 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-24 16:24 - 2014-09-23 18:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-24 16:21 - 2014-09-23 18:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-10-24 16:15 - 2014-09-23 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-10-24 16:15 - 2012-09-11 22:02 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-24 16:06 - 2011-03-06 22:59 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Macromedia
2014-10-23 12:10 - 2014-02-13 22:00 - 00000099 _____ () C:\Users\Public\LMDebug.log
2014-10-22 17:43 - 2014-09-23 18:46 - 00000000 ____D () C:\Users\HP\AppData\Roaming\vlc
2014-10-22 17:39 - 2009-07-14 19:58 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-10-22 17:39 - 2009-07-14 19:58 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-10-22 17:39 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-20 16:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 16:13 - 2011-03-15 22:25 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Skype
2014-10-17 10:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-17 10:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-17 02:34 - 2012-07-05 18:36 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-17 02:33 - 2009-07-14 06:45 - 00306432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 22:41 - 2011-03-19 00:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 22:39 - 2013-08-18 23:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 22:26 - 2011-02-26 17:29 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-01 15:05 - 2012-11-26 21:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-01 11:11 - 2014-09-23 18:49 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 11:11 - 2014-09-23 18:49 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 11:11 - 2012-07-27 11:45 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-01 00:11 - 2011-03-05 15:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-26 17:40 - 2011-02-26 16:28 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-09-26 17:39 - 2011-02-26 16:28 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-09-26 17:33 - 2011-03-16 09:01 - 00000000 ____D () C:\AMD
2014-09-25 19:10 - 2011-02-25 18:31 - 00000000 ____D () C:\Users\HP\AppData\Local\VirtualStore
2014-09-25 18:58 - 2011-06-09 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2012-07-28 15:19
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2014
Ran by Lars at 2014-10-24 18:42:50
Running from C:\Users\HP\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Age of Empires II - The Conquerors - 1.0e Patch FINAL (HKLM-x32\...\Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1) (Version: 1.0e - tOrMeNtIuM/m0d)
Age of Empires II - the Conquerors WideScreen Patcher (HKLM-x32\...\{BA2F3EBC-FE07-4AB5-B906-14DF2C74C523}) (Version: 1.0.40 - Boekabart)
Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
AGEIA PhysX v7.11.13 (HKLM-x32\...\{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}) (Version: 7.11.13 - AGEIA Technologies, Inc.)
AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 2.4.595.9 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Audio 180% 7.5 (HKLM-x32\...\{82FEA187-116E-4CDA-A333-AB6ED22380C7}_is1) (Version: Audio 180% 7.5 - FRANZIS GmbH)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version: - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0308.2325.42017 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.3868 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Company of Heroes - FAKEMSI (x32 Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes (HKLM-x32\...\Company of Heroes) (Version: 2.602.0 - THQ Inc.)
Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version: - )
Company of Heroes: Tales of Valor (HKLM-x32\...\Steam App 20540) (Version: - Relic)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Das Schwarze Auge (HKLM-x32\...\{9309441A-73B1-4A26-8A78-57E298DC2D02}) (Version: 1.0.0 - JoWood)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dell B1265dfw Mono MFP (HKLM-x32\...\Dell B1265dfw Mono MFP) (Version: 1.02 (20.03.2013) - Dell Inc.)
Dell B1265dfw Mono MFP Network PC Fax (x32 Version: 1.07.05 (05.03.2013) - Dell Inc.) Hidden
Dell B1265dfw Mono MFP Scan Assistant (x32 Version: 1.04.44.00 - Dell Inc.) Hidden
DeLorme Send To GPS 1.3 (HKLM\...\{0F60FD8E-3E58-4F8E-BF2C-DFA4C9987AE2}_is1) (Version: 1.3 - DeLorme Publishing)
Desktop Restore (HKLM\...\{15D07D6F-E4CC-41D9-88A3-94115E5E5A10}) (Version: 1.6.3 - JOConnell)
Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.04 - Electronic Arts, Inc.)
Drakensang - Am Fluss der Zeit (HKLM-x32\...\Drakensang_TRoT_is1) (Version: - dtp)
ElsterFormular für Privatanwender (HKLM-x32\...\ElsterFormular für Privatanwender 12.2.0.6412p) (Version: 12.2.0.6412p - Landesfinanzdirektion Thüringen)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
Free YouTube to MP3 Converter version 3.12.2.430 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.2.430 - DVDVideoSoft Ltd.)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Handset WinDriver 1.02.02.00 (HKLM-x32\...\Handset WinDriver) (Version: 1.02.02.00 - Huawei technologies Co., Ltd.)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hex-Editor MX (HKLM-x32\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft)
HP Product Detection (HKLM-x32\...\{42D10994-A566-495D-A5E7-D0C6B5C6B35C}) (Version: 11.14.0006 - HP)
HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6292.0 - IDT)
LightScribe System Software (HKLM-x32\...\{705B639E-FAAF-40D7-AD58-C445321C7C3F}) (Version: 1.18.18.1 - LightScribe)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MicroDicom 0.4.3 (HKLM-x32\...\MicroDicom) (Version: 0.4.3 - MicroDicom)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM-x32\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.1.1 - Mozilla)
Mozilla Thunderbird 31.1.2 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.1.2 (x86 de)) (Version: 31.1.2 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.4 - F.J. Wechselberger)
Paragon Backup & Recovery™ 2012 Free (HKLM-x32\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.210.0 - Tracker Software Products Ltd)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Sacred 2 (HKLM-x32\...\{1023383E-D9F6-478C-A965-23A4657B3C9A}) (Version: 2.0.2.0 - Ascaron Entertainment)
Sacred Underworld (HKLM-x32\...\Sacred Underworld_is1) (Version: - Ascaron Entertainment GmbH)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.15.0 - SAMSUNG Electronics Co., Ltd.)
Secunia PSI (3.0.0.3001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.3001 - Secunia)
Sins of a Solar Empire - Trinity (HKLM-x32\...\Sins of a Solar Empire - Trinity) (Version: 1.37.053 - Stardock Entertainment, Inc.)
Sins of a Solar Empire - Trinity (x32 Version: 1.37.053 - Stardock Entertainment) Hidden
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
UBitMenuDE (HKLM-x32\...\{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1) (Version: 01.04 - UBit Schweiz AG)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1445491938-3163146774-1667579322-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1445491938-3163146774-1667579322-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1445491938-3163146774-1667579322-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1445491938-3163146774-1667579322-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1445491938-3163146774-1667579322-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1445491938-3163146774-1667579322-1011_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1445491938-3163146774-1667579322-1011_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1445491938-3163146774-1667579322-1011_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1445491938-3163146774-1667579322-1011_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2012-10-02 19:52 - 00600511 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 abcstats.com
127.0.0.1 a.abv.bg
127.0.0.1 adserver.abv.bg
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 ca.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 achmedia.com
127.0.0.1 aconti.net
127.0.0.1 secure.aconti.net
127.0.0.1 www.aconti.net #[Dialer.Aconti]
127.0.0.1 csh.actiondesk.com
127.0.0.1 www.activemeter.com #[Tracking.Cookie]
127.0.0.1 ads.activepower.net
127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
127.0.0.1 cms.ad2click.nl
127.0.0.1 ad2games.com
127.0.0.1 ads.ad2games.com
127.0.0.1 content.ad20.net
127.0.0.1 core.ad20.net
127.0.0.1 banner.ad.nu
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {07E4E0A4-E07B-4630-87F7-A1729E9C5AC6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {1515B75A-8A11-4556-BB13-8FD4992C10AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2012-09-27] (Hewlett-Packard Company)
Task: {2FC2A96E-4932-4AB7-8041-DB9AE814DBA7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {7168B8CE-22DE-43DC-BA9F-AA29E5D22705} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-30] (Google Inc.)
Task: {7B289717-AF09-4DBF-B48F-81C0CB666FD0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {8CD55018-0CCC-4C16-9F6C-E7100759AAAE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-14] (AVAST Software)
Task: {9380B491-EFC9-4F5B-9792-A92164789C2B} - System32\Tasks\{9FD39F96-DA27-4571-90E8-96D426361700} => Firefox.exe hxxp://ui.skype.com/ui/0/5.3.0.111.259/de/abandoninstall?source=lightinstaller&page=tsDownload&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered
Task: {BB2111F9-B0E0-4378-8701-DCF198DF7ACE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {BB64613B-E148-4B28-9427-872D1315934B} - System32\Tasks\Stardock Central-S-1-5-21-1445491938-3163146774-1667579322-1000 => C:\Users\HP\AppData\Local\Stardock\StardockCentral\Stardock Central.exe [2012-10-24] (Stardock)
Task: {CF5B07FC-6820-45D4-B7A5-EE07E81EA77B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-17] (Adobe Systems Incorporated)
Task: {F1DEF122-F182-4603-B4D2-AE9BF964252B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-30] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-03-09 10:58 - 2012-03-09 10:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 10:58 - 2012-03-09 10:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2014-02-13 21:55 - 2012-12-05 13:41 - 00034304 _____ () C:\Windows\System32\sdb5mlm.dll
2014-02-13 21:55 - 2012-12-05 13:15 - 00034304 _____ () C:\Windows\System32\sdb5xlm.dll
2014-02-13 21:55 - 2013-02-22 12:05 - 01292800 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\sdb5mdu.dll
2014-08-14 20:24 - 2014-08-14 20:24 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-24 11:50 - 2014-10-24 11:50 - 02896896 _____ () C:\Program Files\AVAST Software\Avast\defs\14102400\algo.dll
2014-08-14 20:24 - 2014-08-14 20:24 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-05-12 21:28 - 2014-10-01 00:11 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
HKU\S-1-5-21-1445491938-3163146774-1667579322-1000\Software\Classes\.exe: => <===== ATTENTION!
HKU\S-1-5-21-1445491938-3163146774-1667579322-1000\Software\Classes\exefile: <===== ATTENTION!
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: DpHost => 2
MSCONFIG\Services: HP Health Check Service => 2
MSCONFIG\Services: HPDrvMntSvc.exe => 2
MSCONFIG\Services: LightScribeService => 2
========================= Accounts: ==========================
Administrator (S-1-5-21-1445491938-3163146774-1667579322-500 - Administrator - Disabled)
coach (S-1-5-21-1445491938-3163146774-1667579322-1332 - Limited - Enabled)
Gast (S-1-5-21-1445491938-3163146774-1667579322-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-1445491938-3163146774-1667579322-1007 - Limited - Enabled)
HP (S-1-5-21-1445491938-3163146774-1667579322-1000 - Limited - Enabled) => C:\Users\HP
Lars (S-1-5-21-1445491938-3163146774-1667579322-1011 - Administrator - Enabled) => C:\Users\Lars.LARS
==================== Faulty Device Manager Devices =============
Name: Generic Bluetooth Adapter
Description: Generic Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: GenericAdapter
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/24/2014 00:49:07 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).
Error: (10/23/2014 10:55:43 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).
Error: (10/23/2014 11:38:46 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).
Error: (10/20/2014 04:31:42 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).
Error: (10/17/2014 02:54:33 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\servicing\TrustedInstaller.exe; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).
Error: (10/17/2014 02:54:31 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422).
Error: (10/16/2014 10:39:22 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\servicing\TrustedInstaller.exe; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).
Error: (10/16/2014 10:39:17 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\servicing\TrustedInstaller.exe; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).
Error: (10/16/2014 10:26:28 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422).
Error: (10/16/2014 09:15:03 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).
System errors:
=============
Error: (10/24/2014 06:33:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
StarOpen
Error: (10/24/2014 06:33:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (10/24/2014 06:32:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SAS Core Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (10/24/2014 06:32:41 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183.
Error: (10/24/2014 04:54:56 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (10/24/2014 04:21:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
StarOpen
Error: (10/24/2014 04:21:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (10/24/2014 04:21:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SAS Core Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (10/24/2014 04:21:41 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183.
Error: (10/24/2014 04:21:22 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2012-12-14 03:01:47.827
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume15\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-14 03:01:47.702
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume15\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-14 03:01:47.577
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume15\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-14 03:01:47.405
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume15\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-14 03:01:47.281
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume15\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-14 03:01:47.156
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume15\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-14 02:49:46.497
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume15\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-14 02:49:46.356
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume15\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-14 02:49:46.232
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume15\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-14 02:49:46.076
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume15\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz
Percentage of memory in use: 44%
Total physical RAM: 3005.86 MB
Available physical RAM: 1660.04 MB
Total Pagefile: 15004.04 MB
Available Pagefile: 13403.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:48.83 GB) (Free:14.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Musik, Fotos, Daten) (Fixed) (Total:316.96 GB) (Free:178.01 GB) NTFS
Drive e: (Spiele) (Fixed) (Total:99.88 GB) (Free:35.2 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: ADE44B09)
Partition 1: (Not Active) - (Size=100 MB) - (Type=17)
Partition 2: (Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=317 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=99.9 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
25.10.2014, 17:34
| #4 |
| | Windows 7: Malwarefund durch Malwarebytes Den GMER-Log musste ich dreiteilen, weil der so lang ist: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-24 19:02:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS725050A9A364 rev.PC4OC72E 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\LARS~1.LAR\AppData\Local\Temp\pgddapoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775d1360 5 bytes JMP 000000014a550460
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775d13b0 5 bytes JMP 000000014a550450
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 5 bytes JMP 000000014a550370
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775d1560 5 bytes JMP 000000014a550470
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 5 bytes JMP 000000014a5503e0
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775d1620 5 bytes JMP 000000014a550320
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 5 bytes JMP 000000014a5503b0
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 5 bytes JMP 000000014a550390
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775d16b0 5 bytes JMP 000000014a5502e0
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775d1730 5 bytes JMP 000000014a5502d0
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775d1750 5 bytes JMP 000000014a550310
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 5 bytes JMP 000000014a5503c0
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775d17e0 5 bytes JMP 000000014a5503f0
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775d1940 5 bytes JMP 000000014a550230
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775d1b00 5 bytes JMP 000000014a550480
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775d1b30 5 bytes JMP 000000014a5503a0
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775d1c10 5 bytes JMP 000000014a5502f0
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775d1c20 5 bytes JMP 000000014a550350
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775d1c80 5 bytes JMP 000000014a550290
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775d1d10 5 bytes JMP 000000014a5502b0
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 5 bytes JMP 000000014a5503d0
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775d1d40 5 bytes JMP 000000014a550330
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775d1db0 5 bytes JMP 000000014a550410
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775d1de0 5 bytes JMP 000000014a550240
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 5 bytes JMP 000000014a5501e0
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775d2160 5 bytes JMP 000000014a550250
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775d2190 5 bytes JMP 000000014a550490
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775d21a0 5 bytes JMP 000000014a5504a0
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775d21d0 5 bytes JMP 000000014a550300
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775d21e0 5 bytes JMP 000000014a550360
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775d2240 5 bytes JMP 000000014a5502a0
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775d2290 5 bytes JMP 000000014a5502c0
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775d22c0 5 bytes JMP 000000014a550380
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775d22d0 5 bytes JMP 000000014a550340
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775d25c0 5 bytes JMP 000000014a550440
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775d27c0 5 bytes JMP 000000014a550260
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775d27d0 5 bytes JMP 000000014a550270
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 5 bytes JMP 000000014a550400
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 5 bytes JMP 000000014a5501f0
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775d29b0 5 bytes JMP 000000014a550210
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775d2a20 5 bytes JMP 000000014a550200
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 5 bytes JMP 000000014a550420
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 5 bytes JMP 000000014a550430
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775d2aa0 5 bytes JMP 000000014a550220
.text C:\Windows\system32\csrss.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 5 bytes JMP 000000014a550280
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775d1360 5 bytes JMP 000000014a550460
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775d13b0 5 bytes JMP 000000014a550450
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 5 bytes JMP 000000014a550370
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775d1560 5 bytes JMP 000000014a550470
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 5 bytes JMP 000000014a5503e0
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775d1620 5 bytes JMP 000000014a550320
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 5 bytes JMP 000000014a5503b0
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 5 bytes JMP 000000014a550390
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775d16b0 5 bytes JMP 000000014a5502e0
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775d1730 5 bytes JMP 000000014a5502d0
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775d1750 5 bytes JMP 000000014a550310
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 5 bytes JMP 000000014a5503c0
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775d17e0 5 bytes JMP 000000014a5503f0
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775d1940 5 bytes JMP 000000014a550230
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775d1b00 5 bytes JMP 000000014a550480
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775d1b30 5 bytes JMP 000000014a5503a0
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775d1c10 5 bytes JMP 000000014a5502f0
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775d1c20 5 bytes JMP 000000014a550350
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775d1c80 5 bytes JMP 000000014a550290
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775d1d10 5 bytes JMP 000000014a5502b0
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 5 bytes JMP 000000014a5503d0
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775d1d40 5 bytes JMP 000000014a550330
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775d1db0 5 bytes JMP 000000014a550410
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775d1de0 5 bytes JMP 000000014a550240
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 5 bytes JMP 000000014a5501e0
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775d2160 5 bytes JMP 000000014a550250
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775d2190 5 bytes JMP 000000014a550490
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775d21a0 5 bytes JMP 000000014a5504a0
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775d21d0 5 bytes JMP 000000014a550300
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775d21e0 5 bytes JMP 000000014a550360
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775d2240 5 bytes JMP 000000014a5502a0
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775d2290 5 bytes JMP 000000014a5502c0
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775d22c0 5 bytes JMP 000000014a550380
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775d22d0 5 bytes JMP 000000014a550340
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775d25c0 5 bytes JMP 000000014a550440
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775d27c0 5 bytes JMP 000000014a550260
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775d27d0 5 bytes JMP 000000014a550270
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 5 bytes JMP 000000014a550400
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 5 bytes JMP 000000014a5501f0
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775d29b0 5 bytes JMP 000000014a550210
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775d2a20 5 bytes JMP 000000014a550200
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 5 bytes JMP 000000014a550420
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 5 bytes JMP 000000014a550430
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775d2aa0 5 bytes JMP 000000014a550220
.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 5 bytes JMP 000000014a550280
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775d1360 5 bytes JMP 0000000077730460
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775d13b0 5 bytes JMP 0000000077730450
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 5 bytes JMP 0000000077730370
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775d1560 5 bytes JMP 0000000077730470
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 5 bytes JMP 00000000777303e0
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775d1620 5 bytes JMP 0000000077730320
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 5 bytes JMP 00000000777303b0
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 5 bytes JMP 0000000077730390
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775d16b0 5 bytes JMP 00000000777302e0
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775d1730 5 bytes JMP 00000000777302d0
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775d1750 5 bytes JMP 0000000077730310
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 5 bytes JMP 00000000777303c0
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775d17e0 5 bytes JMP 00000000777303f0
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775d1940 5 bytes JMP 0000000077730230
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775d1b00 5 bytes JMP 0000000077730480
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775d1b30 5 bytes JMP 00000000777303a0
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775d1c10 5 bytes JMP 00000000777302f0
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775d1c20 5 bytes JMP 0000000077730350
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775d1c80 5 bytes JMP 0000000077730290
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775d1d10 5 bytes JMP 00000000777302b0
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 5 bytes JMP 00000000777303d0
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775d1d40 5 bytes JMP 0000000077730330
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775d1db0 5 bytes JMP 0000000077730410
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775d1de0 5 bytes JMP 0000000077730240
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 5 bytes JMP 00000000777301e0
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775d2160 5 bytes JMP 0000000077730250
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775d2190 5 bytes JMP 0000000077730490
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775d21a0 5 bytes JMP 00000000777304a0
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775d21d0 5 bytes JMP 0000000077730300
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775d21e0 5 bytes JMP 0000000077730360
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775d2240 5 bytes JMP 00000000777302a0
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775d2290 5 bytes JMP 00000000777302c0
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775d22c0 5 bytes JMP 0000000077730380
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775d22d0 5 bytes JMP 0000000077730340
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775d25c0 5 bytes JMP 0000000077730440
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775d27c0 5 bytes JMP 0000000077730260
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775d27d0 5 bytes JMP 0000000077730270
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 5 bytes JMP 0000000077730400
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 5 bytes JMP 00000000777301f0
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775d29b0 5 bytes JMP 0000000077730210
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775d2a20 5 bytes JMP 0000000077730200
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 5 bytes JMP 0000000077730420
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 5 bytes JMP 0000000077730430
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775d2aa0 5 bytes JMP 0000000077730220
.text C:\Windows\system32\wininit.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 5 bytes JMP 0000000077730280
.text C:\Windows\system32\wininit.exe[516] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773bef8d 1 byte [62]
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775d1360 5 bytes JMP 0000000077730460
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775d13b0 5 bytes JMP 0000000077730450
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 5 bytes JMP 0000000077730370
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775d1560 5 bytes JMP 0000000077730470
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 5 bytes JMP 00000000777303e0
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775d1620 5 bytes JMP 0000000077730320
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 5 bytes JMP 00000000777303b0
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 5 bytes JMP 0000000077730390
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775d16b0 5 bytes JMP 00000000777302e0
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775d1730 5 bytes JMP 00000000777302d0
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775d1750 5 bytes JMP 0000000077730310
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 5 bytes JMP 00000000777303c0
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775d17e0 5 bytes JMP 00000000777303f0
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775d1940 5 bytes JMP 0000000077730230
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775d1b00 5 bytes JMP 0000000077730480
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775d1b30 5 bytes JMP 00000000777303a0
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775d1c10 5 bytes JMP 00000000777302f0
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775d1c20 5 bytes JMP 0000000077730350
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775d1c80 5 bytes JMP 0000000077730290
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775d1d10 5 bytes JMP 00000000777302b0
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 5 bytes JMP 00000000777303d0
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775d1d40 5 bytes JMP 0000000077730330
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775d1db0 5 bytes JMP 0000000077730410
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775d1de0 5 bytes JMP 0000000077730240
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 5 bytes JMP 00000000777301e0
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775d2160 5 bytes JMP 0000000077730250
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775d2190 5 bytes JMP 0000000077730490
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775d21a0 5 bytes JMP 00000000777304a0
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775d21d0 5 bytes JMP 0000000077730300
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775d21e0 5 bytes JMP 0000000077730360
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775d2240 5 bytes JMP 00000000777302a0
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775d2290 5 bytes JMP 00000000777302c0
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775d22c0 5 bytes JMP 0000000077730380
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775d22d0 5 bytes JMP 0000000077730340
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775d25c0 5 bytes JMP 0000000077730440
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775d27c0 5 bytes JMP 0000000077730260
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775d27d0 5 bytes JMP 0000000077730270
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 5 bytes JMP 0000000077730400
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 5 bytes JMP 00000000777301f0
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775d29b0 5 bytes JMP 0000000077730210
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775d2a20 5 bytes JMP 0000000077730200
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 5 bytes JMP 0000000077730420
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 5 bytes JMP 0000000077730430
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775d2aa0 5 bytes JMP 0000000077730220
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 5 bytes JMP 0000000077730280
.text C:\Windows\system32\winlogon.exe[564] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773bef8d 1 byte [62]
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775d1360 5 bytes JMP 0000000077730460
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775d13b0 5 bytes JMP 0000000077730450
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 5 bytes JMP 0000000077730370
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775d1560 5 bytes JMP 0000000077730470
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 5 bytes JMP 00000000777303e0
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775d1620 5 bytes JMP 0000000077730320
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 5 bytes JMP 00000000777303b0
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 5 bytes JMP 0000000077730390
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775d16b0 5 bytes JMP 00000000777302e0
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775d1730 5 bytes JMP 00000000777302d0
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775d1750 5 bytes JMP 0000000077730310
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 5 bytes JMP 00000000777303c0
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775d17e0 5 bytes JMP 00000000777303f0
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775d1940 5 bytes JMP 0000000077730230
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775d1b00 5 bytes JMP 0000000077730480
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775d1b30 5 bytes JMP 00000000777303a0
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775d1c10 5 bytes JMP 00000000777302f0
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775d1c20 5 bytes JMP 0000000077730350
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775d1c80 5 bytes JMP 0000000077730290
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775d1d10 5 bytes JMP 00000000777302b0
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 5 bytes JMP 00000000777303d0
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775d1d40 5 bytes JMP 0000000077730330
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775d1db0 5 bytes JMP 0000000077730410
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775d1de0 5 bytes JMP 0000000077730240
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 5 bytes JMP 00000000777301e0
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775d2160 5 bytes JMP 0000000077730250
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775d2190 5 bytes JMP 0000000077730490
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775d21a0 5 bytes JMP 00000000777304a0
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775d21d0 5 bytes JMP 0000000077730300
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775d21e0 5 bytes JMP 0000000077730360
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775d2240 5 bytes JMP 00000000777302a0
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775d2290 5 bytes JMP 00000000777302c0
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775d22c0 5 bytes JMP 0000000077730380
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775d22d0 5 bytes JMP 0000000077730340
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775d25c0 5 bytes JMP 0000000077730440
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775d27c0 5 bytes JMP 0000000077730260
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775d27d0 5 bytes JMP 0000000077730270
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 5 bytes JMP 0000000077730400
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 5 bytes JMP 00000000777301f0
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775d29b0 5 bytes JMP 0000000077730210
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775d2a20 5 bytes JMP 0000000077730200
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 5 bytes JMP 0000000077730420
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 5 bytes JMP 0000000077730430
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775d2aa0 5 bytes JMP 0000000077730220
.text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 5 bytes JMP 0000000077730280
.text C:\Windows\system32\services.exe[612] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773bef8d 1 byte [62]
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775d1360 5 bytes JMP 0000000077730460
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775d13b0 5 bytes JMP 0000000077730450
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 5 bytes JMP 0000000077730370
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775d1560 5 bytes JMP 0000000077730470
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 5 bytes JMP 00000000777303e0
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775d1620 5 bytes JMP 0000000077730320
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 5 bytes JMP 00000000777303b0
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 5 bytes JMP 0000000077730390
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775d16b0 5 bytes JMP 00000000777302e0
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775d1730 5 bytes JMP 00000000777302d0
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775d1750 5 bytes JMP 0000000077730310
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 5 bytes JMP 00000000777303c0
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775d17e0 5 bytes JMP 00000000777303f0
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775d1940 5 bytes JMP 0000000077730230
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775d1b00 5 bytes JMP 0000000077730480
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775d1b30 5 bytes JMP 00000000777303a0
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775d1c10 5 bytes JMP 00000000777302f0
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775d1c20 5 bytes JMP 0000000077730350
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775d1c80 5 bytes JMP 0000000077730290
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775d1d10 5 bytes JMP 00000000777302b0
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 5 bytes JMP 00000000777303d0
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775d1d40 5 bytes JMP 0000000077730330
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775d1db0 5 bytes JMP 0000000077730410
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775d1de0 5 bytes JMP 0000000077730240
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 5 bytes JMP 00000000777301e0
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775d2160 5 bytes JMP 0000000077730250
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775d2190 5 bytes JMP 0000000077730490
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775d21a0 5 bytes JMP 00000000777304a0
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775d21d0 5 bytes JMP 0000000077730300
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775d21e0 5 bytes JMP 0000000077730360
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775d2240 5 bytes JMP 00000000777302a0
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775d2290 5 bytes JMP 00000000777302c0
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775d22c0 5 bytes JMP 0000000077730380
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775d22d0 5 bytes JMP 0000000077730340
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775d25c0 5 bytes JMP 0000000077730440
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775d27c0 5 bytes JMP 0000000077730260
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775d27d0 5 bytes JMP 0000000077730270
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 5 bytes JMP 0000000077730400
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 5 bytes JMP 00000000777301f0
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775d29b0 5 bytes JMP 0000000077730210
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775d2a20 5 bytes JMP 0000000077730200
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 5 bytes JMP 0000000077730420
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 5 bytes JMP 0000000077730430
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775d2aa0 5 bytes JMP 0000000077730220
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 5 bytes JMP 0000000077730280
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775d1360 5 bytes JMP 0000000077730460
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775d13b0 5 bytes JMP 0000000077730450
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 5 bytes JMP 0000000077730370
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775d1560 5 bytes JMP 0000000077730470
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 5 bytes JMP 00000000777303e0
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775d1620 5 bytes JMP 0000000077730320
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 5 bytes JMP 00000000777303b0
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 5 bytes JMP 0000000077730390
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775d16b0 5 bytes JMP 00000000777302e0
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775d1730 5 bytes JMP 00000000777302d0
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775d1750 5 bytes JMP 0000000077730310
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 5 bytes JMP 00000000777303c0
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775d17e0 5 bytes JMP 00000000777303f0
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775d1940 5 bytes JMP 0000000077730230
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775d1b00 5 bytes JMP 0000000077730480
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775d1b30 5 bytes JMP 00000000777303a0
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775d1c10 5 bytes JMP 00000000777302f0
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775d1c20 5 bytes JMP 0000000077730350
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775d1c80 5 bytes JMP 0000000077730290
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775d1d10 5 bytes JMP 00000000777302b0
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 5 bytes JMP 00000000777303d0
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775d1d40 5 bytes JMP 0000000077730330
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775d1db0 5 bytes JMP 0000000077730410
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775d1de0 5 bytes JMP 0000000077730240
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 5 bytes JMP 00000000777301e0
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775d2160 5 bytes JMP 0000000077730250
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775d2190 5 bytes JMP 0000000077730490
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775d21a0 5 bytes JMP 00000000777304a0
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775d21d0 5 bytes JMP 0000000077730300
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775d21e0 5 bytes JMP 0000000077730360
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775d2240 5 bytes JMP 00000000777302a0
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775d2290 5 bytes JMP 00000000777302c0
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775d22c0 5 bytes JMP 0000000077730380
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775d22d0 5 bytes JMP 0000000077730340
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775d25c0 5 bytes JMP 0000000077730440
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775d27c0 5 bytes JMP 0000000077730260
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775d27d0 5 bytes JMP 0000000077730270
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 5 bytes JMP 0000000077730400
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 5 bytes JMP 00000000777301f0
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775d29b0 5 bytes JMP 0000000077730210
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775d2a20 5 bytes JMP 0000000077730200
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 5 bytes JMP 0000000077730420
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 5 bytes JMP 0000000077730430
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775d2aa0 5 bytes JMP 0000000077730220
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 5 bytes JMP 0000000077730280
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775d1360 5 bytes JMP 0000000077730460
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775d13b0 5 bytes JMP 0000000077730450
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 5 bytes JMP 0000000077730370
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775d1560 5 bytes JMP 0000000077730470
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 5 bytes JMP 00000000777303e0
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775d1620 5 bytes JMP 0000000077730320
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 5 bytes JMP 00000000777303b0
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 5 bytes JMP 0000000077730390
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775d16b0 5 bytes JMP 00000000777302e0
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775d1730 5 bytes JMP 00000000777302d0
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775d1750 5 bytes JMP 0000000077730310
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 5 bytes JMP 00000000777303c0
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775d17e0 5 bytes JMP 00000000777303f0
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775d1940 5 bytes JMP 0000000077730230
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775d1b00 5 bytes JMP 0000000077730480
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775d1b30 5 bytes JMP 00000000777303a0
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775d1c10 5 bytes JMP 00000000777302f0
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775d1c20 5 bytes JMP 0000000077730350
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775d1c80 5 bytes JMP 0000000077730290
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775d1d10 5 bytes JMP 00000000777302b0
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 5 bytes JMP 00000000777303d0
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775d1d40 5 bytes JMP 0000000077730330
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775d1db0 5 bytes JMP 0000000077730410
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775d1de0 5 bytes JMP 0000000077730240
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 5 bytes JMP 00000000777301e0
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775d2160 5 bytes JMP 0000000077730250
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775d2190 5 bytes JMP 0000000077730490
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775d21a0 5 bytes JMP 00000000777304a0
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775d21d0 5 bytes JMP 0000000077730300
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775d21e0 5 bytes JMP 0000000077730360
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775d2240 5 bytes JMP 00000000777302a0
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775d2290 5 bytes JMP 00000000777302c0
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775d22c0 5 bytes JMP 0000000077730380
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775d22d0 5 bytes JMP 0000000077730340
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775d25c0 5 bytes JMP 0000000077730440
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775d27c0 5 bytes JMP 0000000077730260
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775d27d0 5 bytes JMP 0000000077730270
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 5 bytes JMP 0000000077730400
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 5 bytes JMP 00000000777301f0
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775d29b0 5 bytes JMP 0000000077730210
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775d2a20 5 bytes JMP 0000000077730200
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 5 bytes JMP 0000000077730420
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 5 bytes JMP 0000000077730430
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775d2aa0 5 bytes JMP 0000000077730220
.text C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 5 bytes JMP 0000000077730280
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775d1360 5 bytes JMP 0000000077730460
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775d13b0 5 bytes JMP 0000000077730450
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 5 bytes JMP 0000000077730370
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775d1560 5 bytes JMP 0000000077730470
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 5 bytes JMP 00000000777303e0
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775d1620 5 bytes JMP 0000000077730320
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 5 bytes JMP 00000000777303b0
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 5 bytes JMP 0000000077730390
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775d16b0 5 bytes JMP 00000000777302e0
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775d1730 5 bytes JMP 00000000777302d0
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775d1750 5 bytes JMP 0000000077730310
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 5 bytes JMP 00000000777303c0
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775d17e0 5 bytes JMP 00000000777303f0
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775d1940 5 bytes JMP 0000000077730230
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775d1b00 5 bytes JMP 0000000077730480
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775d1b30 5 bytes JMP 00000000777303a0
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775d1c10 5 bytes JMP 00000000777302f0
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775d1c20 5 bytes JMP 0000000077730350
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775d1c80 5 bytes JMP 0000000077730290
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775d1d10 5 bytes JMP 00000000777302b0
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 5 bytes JMP 00000000777303d0
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775d1d40 5 bytes JMP 0000000077730330
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775d1db0 5 bytes JMP 0000000077730410
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775d1de0 5 bytes JMP 0000000077730240
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 5 bytes JMP 00000000777301e0
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775d2160 5 bytes JMP 0000000077730250
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775d2190 5 bytes JMP 0000000077730490
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775d21a0 5 bytes JMP 00000000777304a0
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775d21d0 5 bytes JMP 0000000077730300
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775d21e0 5 bytes JMP 0000000077730360
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775d2240 5 bytes JMP 00000000777302a0
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775d2290 5 bytes JMP 00000000777302c0
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775d22c0 5 bytes JMP 0000000077730380
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775d22d0 5 bytes JMP 0000000077730340
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775d25c0 5 bytes JMP 0000000077730440
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775d27c0 5 bytes JMP 0000000077730260
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775d27d0 5 bytes JMP 0000000077730270
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 5 bytes JMP 0000000077730400
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 5 bytes JMP 00000000777301f0
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775d29b0 5 bytes JMP 0000000077730210
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775d2a20 5 bytes JMP 0000000077730200
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 5 bytes JMP 0000000077730420
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 5 bytes JMP 0000000077730430
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775d2aa0 5 bytes JMP 0000000077730220
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 5 bytes JMP 0000000077730280
.text C:\Windows\system32\svchost.exe[832] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773bef8d 1 byte [62]
.text C:\Windows\system32\atiesrxx.exe[916] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773bef8d 1 byte [62]
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775d1360 5 bytes JMP 0000000100070460
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775d13b0 5 bytes JMP 0000000100070450
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 5 bytes JMP 0000000100070370
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775d1560 5 bytes JMP 0000000100070470
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 5 bytes JMP 00000001000703e0
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775d1620 5 bytes JMP 0000000100070320
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 5 bytes JMP 00000001000703b0
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 5 bytes JMP 0000000100070390
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775d16b0 5 bytes JMP 00000001000702e0
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775d1730 5 bytes JMP 00000001000702d0
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775d1750 5 bytes JMP 0000000100070310
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 5 bytes JMP 00000001000703c0
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775d17e0 5 bytes JMP 00000001000703f0
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775d1940 5 bytes JMP 0000000100070230
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775d1b00 5 bytes JMP 0000000100070480
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775d1b30 5 bytes JMP 00000001000703a0
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775d1c10 5 bytes JMP 00000001000702f0
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775d1c20 5 bytes JMP 0000000100070350
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775d1c80 5 bytes JMP 0000000100070290
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775d1d10 5 bytes JMP 00000001000702b0
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 5 bytes JMP 00000001000703d0
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775d1d40 5 bytes JMP 0000000100070330
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775d1db0 5 bytes JMP 0000000100070410
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775d1de0 5 bytes JMP 0000000100070240
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 5 bytes JMP 00000001000701e0
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775d2160 5 bytes JMP 0000000100070250
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775d2190 5 bytes JMP 0000000100070490
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775d21a0 5 bytes JMP 00000001000704a0
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775d21d0 5 bytes JMP 0000000100070300
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775d21e0 5 bytes JMP 0000000100070360
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775d2240 5 bytes JMP 00000001000702a0
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775d2290 5 bytes JMP 00000001000702c0
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775d22c0 5 bytes JMP 0000000100070380
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775d22d0 5 bytes JMP 0000000100070340
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775d25c0 5 bytes JMP 0000000100070440
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775d27c0 5 bytes JMP 0000000100070260
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775d27d0 5 bytes JMP 0000000100070270
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 5 bytes JMP 0000000100070400
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 5 bytes JMP 00000001000701f0
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775d29b0 5 bytes JMP 0000000100070210
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775d2a20 5 bytes JMP 0000000100070200
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 5 bytes JMP 0000000100070420
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 5 bytes JMP 0000000100070430
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775d2aa0 5 bytes JMP 0000000100070220
.text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 5 bytes JMP 0000000100070280
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775d1360 5 bytes JMP 0000000077730460
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775d13b0 5 bytes JMP 0000000077730450
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 5 bytes JMP 0000000077730370
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775d1560 5 bytes JMP 0000000077730470
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 5 bytes JMP 00000000777303e0
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775d1620 5 bytes JMP 0000000077730320
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 5 bytes JMP 00000000777303b0
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 5 bytes JMP 0000000077730390
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775d16b0 5 bytes JMP 00000000777302e0
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775d1730 5 bytes JMP 00000000777302d0
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775d1750 5 bytes JMP 0000000077730310
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 5 bytes JMP 00000000777303c0
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775d17e0 5 bytes JMP 00000000777303f0
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775d1940 5 bytes JMP 0000000077730230
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775d1b00 5 bytes JMP 0000000077730480
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775d1b30 5 bytes JMP 00000000777303a0
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775d1c10 5 bytes JMP 00000000777302f0
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775d1c20 5 bytes JMP 0000000077730350
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775d1c80 5 bytes JMP 0000000077730290
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775d1d10 5 bytes JMP 00000000777302b0
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 5 bytes JMP 00000000777303d0
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775d1d40 5 bytes JMP 0000000077730330
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775d1db0 5 bytes JMP 0000000077730410
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775d1de0 5 bytes JMP 0000000077730240
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 5 bytes JMP 00000000777301e0
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775d2160 5 bytes JMP 0000000077730250
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775d2190 5 bytes JMP 0000000077730490
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775d21a0 5 bytes JMP 00000000777304a0
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775d21d0 5 bytes JMP 0000000077730300
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775d21e0 5 bytes JMP 0000000077730360
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775d2240 5 bytes JMP 00000000777302a0
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775d2290 5 bytes JMP 00000000777302c0
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775d22c0 5 bytes JMP 0000000077730380
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775d22d0 5 bytes JMP 0000000077730340
|
|
25.10.2014, 17:36
| #5 |
| | Windows 7: Malwarefund durch MalwarebytesCode:
ATTFilter .text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775d25c0 5 bytes JMP 0000000077730440
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775d27c0 5 bytes JMP 0000000077730260
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775d27d0 5 bytes JMP 0000000077730270
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 5 bytes JMP 0000000077730400
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 5 bytes JMP 00000000777301f0
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775d29b0 5 bytes JMP 0000000077730210
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775d2a20 5 bytes JMP 0000000077730200
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 5 bytes JMP 0000000077730420
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 5 bytes JMP 0000000077730430
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775d2aa0 5 bytes JMP 0000000077730220
.text C:\Windows\System32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 5 bytes JMP 0000000077730280
.text C:\Windows\System32\svchost.exe[992] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773bef8d 1 byte [62]
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775d1360 5 bytes JMP 0000000077730460
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775d13b0 5 bytes JMP 0000000077730450
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 5 bytes JMP 0000000077730370
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775d1560 5 bytes JMP 0000000077730470
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 5 bytes JMP 00000000777303e0
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775d1620 5 bytes JMP 0000000077730320
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 5 bytes JMP 00000000777303b0
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 5 bytes JMP 0000000077730390
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775d16b0 5 bytes JMP 00000000777302e0
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775d1730 5 bytes JMP 00000000777302d0
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775d1750 5 bytes JMP 0000000077730310
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 5 bytes JMP 00000000777303c0
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775d17e0 5 bytes JMP 00000000777303f0
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775d1940 5 bytes JMP 0000000077730230
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775d1b00 5 bytes JMP 0000000077730480
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775d1b30 5 bytes JMP 00000000777303a0
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775d1c10 5 bytes JMP 00000000777302f0
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775d1c20 5 bytes JMP 0000000077730350
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775d1c80 5 bytes JMP 0000000077730290
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775d1d10 5 bytes JMP 00000000777302b0
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 5 bytes JMP 00000000777303d0
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775d1d40 5 bytes JMP 0000000077730330
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775d1db0 5 bytes JMP 0000000077730410
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775d1de0 5 bytes JMP 0000000077730240
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 5 bytes JMP 00000000777301e0
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775d2160 5 bytes JMP 0000000077730250
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775d2190 5 bytes JMP 0000000077730490
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775d21a0 5 bytes JMP 00000000777304a0
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775d21d0 5 bytes JMP 0000000077730300
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775d21e0 5 bytes JMP 0000000077730360
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775d2240 5 bytes JMP 00000000777302a0
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775d2290 5 bytes JMP 00000000777302c0
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775d22c0 5 bytes JMP 0000000077730380
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775d22d0 5 bytes JMP 0000000077730340
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775d25c0 5 bytes JMP 0000000077730440
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775d27c0 5 bytes JMP 0000000077730260
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775d27d0 5 bytes JMP 0000000077730270
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 5 bytes JMP 0000000077730400
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 5 bytes JMP 00000000777301f0
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775d29b0 5 bytes JMP 0000000077730210
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775d2a20 5 bytes JMP 0000000077730200
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 5 bytes JMP 0000000077730420
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 5 bytes JMP 0000000077730430
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775d2aa0 5 bytes JMP 0000000077730220
.text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 5 bytes JMP 0000000077730280
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775d1360 5 bytes JMP 0000000077730460
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775d13b0 5 bytes JMP 0000000077730450
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 5 bytes JMP 0000000077730370
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775d1560 5 bytes JMP 0000000077730470
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 5 bytes JMP 00000000777303e0
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775d1620 5 bytes JMP 0000000077730320
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 5 bytes JMP 00000000777303b0
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 5 bytes JMP 0000000077730390
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775d16b0 5 bytes JMP 00000000777302e0
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775d1730 5 bytes JMP 00000000777302d0
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775d1750 5 bytes JMP 0000000077730310
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 5 bytes JMP 00000000777303c0
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775d17e0 5 bytes JMP 00000000777303f0
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775d1940 5 bytes JMP 0000000077730230
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775d1b00 5 bytes JMP 0000000077730480
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775d1b30 5 bytes JMP 00000000777303a0
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775d1c10 5 bytes JMP 00000000777302f0
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775d1c20 5 bytes JMP 0000000077730350
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775d1c80 5 bytes JMP 0000000077730290
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775d1d10 5 bytes JMP 00000000777302b0
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 5 bytes JMP 00000000777303d0
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775d1d40 5 bytes JMP 0000000077730330
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775d1db0 5 bytes JMP 0000000077730410
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775d1de0 5 bytes JMP 0000000077730240
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 5 bytes JMP 00000000777301e0
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775d2160 5 bytes JMP 0000000077730250
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775d2190 5 bytes JMP 0000000077730490
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775d21a0 5 bytes JMP 00000000777304a0
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775d21d0 5 bytes JMP 0000000077730300
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775d21e0 5 bytes JMP 0000000077730360
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775d2240 5 bytes JMP 00000000777302a0
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775d2290 5 bytes JMP 00000000777302c0
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775d22c0 5 bytes JMP 0000000077730380
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775d22d0 5 bytes JMP 0000000077730340
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775d25c0 5 bytes JMP 0000000077730440
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775d27c0 5 bytes JMP 0000000077730260
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775d27d0 5 bytes JMP 0000000077730270
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 5 bytes JMP 0000000077730400
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 5 bytes JMP 00000000777301f0
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775d29b0 5 bytes JMP 0000000077730210
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775d2a20 5 bytes JMP 0000000077730200
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 5 bytes JMP 0000000077730420
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 5 bytes JMP 0000000077730430
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775d2aa0 5 bytes JMP 0000000077730220
.text C:\Windows\system32\svchost.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 5 bytes JMP 0000000077730280
.text C:\Windows\system32\svchost.exe[220] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773bef8d 1 byte [62]
.text C:\Program Files\IDT\WDM\STacSV64.exe[512] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773bef8d 1 byte [62]
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775d1360 5 bytes JMP 0000000077730460
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775d13b0 5 bytes JMP 0000000077730450
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 5 bytes JMP 0000000077730370
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775d1560 5 bytes JMP 0000000077730470
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 5 bytes JMP 00000000777303e0
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775d1620 5 bytes JMP 0000000077730320
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 5 bytes JMP 00000000777303b0
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 5 bytes JMP 0000000077730390
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775d16b0 5 bytes JMP 00000000777302e0
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775d1730 5 bytes JMP 00000000777302d0
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775d1750 5 bytes JMP 0000000077730310
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 5 bytes JMP 00000000777303c0
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775d17e0 5 bytes JMP 00000000777303f0
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775d1940 5 bytes JMP 0000000077730230
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775d1b00 5 bytes JMP 0000000077730480
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775d1b30 5 bytes JMP 00000000777303a0
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775d1c10 5 bytes JMP 00000000777302f0
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775d1c20 5 bytes JMP 0000000077730350
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775d1c80 5 bytes JMP 0000000077730290
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775d1d10 5 bytes JMP 00000000777302b0
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 5 bytes JMP 00000000777303d0
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775d1d40 5 bytes JMP 0000000077730330
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775d1db0 5 bytes JMP 0000000077730410
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775d1de0 5 bytes JMP 0000000077730240
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 5 bytes JMP 00000000777301e0
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775d2160 5 bytes JMP 0000000077730250
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775d2190 5 bytes JMP 0000000077730490
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775d21a0 5 bytes JMP 00000000777304a0
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775d21d0 5 bytes JMP 0000000077730300
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775d21e0 5 bytes JMP 0000000077730360
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775d2240 5 bytes JMP 00000000777302a0
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775d2290 5 bytes JMP 00000000777302c0
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775d22c0 5 bytes JMP 0000000077730380
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775d22d0 5 bytes JMP 0000000077730340
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775d25c0 5 bytes JMP 0000000077730440
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775d27c0 5 bytes JMP 0000000077730260
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775d27d0 5 bytes JMP 0000000077730270
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 5 bytes JMP 0000000077730400
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 5 bytes JMP 00000000777301f0
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775d29b0 5 bytes JMP 0000000077730210
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775d2a20 5 bytes JMP 0000000077730200
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 5 bytes JMP 0000000077730420
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 5 bytes JMP 0000000077730430
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775d2aa0 5 bytes JMP 0000000077730220
.text C:\Windows\system32\atieclxx.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 5 bytes JMP 0000000077730280
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775d1360 5 bytes JMP 0000000077730460
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775d13b0 5 bytes JMP 0000000077730450
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 5 bytes JMP 0000000077730370
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775d1560 5 bytes JMP 0000000077730470
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 5 bytes JMP 00000000777303e0
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775d1620 5 bytes JMP 0000000077730320
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 5 bytes JMP 00000000777303b0
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 5 bytes JMP 0000000077730390
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775d16b0 5 bytes JMP 00000000777302e0
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775d1730 5 bytes JMP 00000000777302d0
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775d1750 5 bytes JMP 0000000077730310
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 5 bytes JMP 00000000777303c0
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775d17e0 5 bytes JMP 00000000777303f0
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775d1940 5 bytes JMP 0000000077730230
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775d1b00 5 bytes JMP 0000000077730480
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775d1b30 5 bytes JMP 00000000777303a0
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775d1c10 5 bytes JMP 00000000777302f0
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775d1c20 5 bytes JMP 0000000077730350
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775d1c80 5 bytes JMP 0000000077730290
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775d1d10 5 bytes JMP 00000000777302b0
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 5 bytes JMP 00000000777303d0
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775d1d40 5 bytes JMP 0000000077730330
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775d1db0 5 bytes JMP 0000000077730410
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775d1de0 5 bytes JMP 0000000077730240
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 5 bytes JMP 00000000777301e0
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775d2160 5 bytes JMP 0000000077730250
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775d2190 5 bytes JMP 0000000077730490
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775d21a0 5 bytes JMP 00000000777304a0
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775d21d0 5 bytes JMP 0000000077730300
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775d21e0 5 bytes JMP 0000000077730360
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775d2240 5 bytes JMP 00000000777302a0
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775d2290 5 bytes JMP 00000000777302c0
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775d22c0 5 bytes JMP 0000000077730380
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775d22d0 5 bytes JMP 0000000077730340
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775d25c0 5 bytes JMP 0000000077730440
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775d27c0 5 bytes JMP 0000000077730260
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775d27d0 5 bytes JMP 0000000077730270
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 5 bytes JMP 0000000077730400
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 5 bytes JMP 00000000777301f0
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775d29b0 5 bytes JMP 0000000077730210
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775d2a20 5 bytes JMP 0000000077730200
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 5 bytes JMP 0000000077730420
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 5 bytes JMP 0000000077730430
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775d2aa0 5 bytes JMP 0000000077730220
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 5 bytes JMP 0000000077730280
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775d1360 5 bytes JMP 0000000077730460
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775d13b0 5 bytes JMP 0000000077730450
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 5 bytes JMP 0000000077730370
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775d1560 5 bytes JMP 0000000077730470
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 5 bytes JMP 00000000777303e0
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775d1620 5 bytes JMP 0000000077730320
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 5 bytes JMP 00000000777303b0
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 5 bytes JMP 0000000077730390
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775d16b0 5 bytes JMP 00000000777302e0
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775d1730 5 bytes JMP 00000000777302d0
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775d1750 5 bytes JMP 0000000077730310
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 5 bytes JMP 00000000777303c0
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775d17e0 5 bytes JMP 00000000777303f0
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775d1940 5 bytes JMP 0000000077730230
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775d1b00 5 bytes JMP 0000000077730480
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775d1b30 5 bytes JMP 00000000777303a0
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775d1c10 5 bytes JMP 00000000777302f0
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775d1c20 5 bytes JMP 0000000077730350
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775d1c80 5 bytes JMP 0000000077730290
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775d1d10 5 bytes JMP 00000000777302b0
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 5 bytes JMP 00000000777303d0
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775d1d40 5 bytes JMP 0000000077730330
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775d1db0 5 bytes JMP 0000000077730410
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775d1de0 5 bytes JMP 0000000077730240
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 5 bytes JMP 00000000777301e0
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775d2160 5 bytes JMP 0000000077730250
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775d2190 5 bytes JMP 0000000077730490
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775d21a0 5 bytes JMP 00000000777304a0
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775d21d0 5 bytes JMP 0000000077730300
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775d21e0 5 bytes JMP 0000000077730360
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775d2240 5 bytes JMP 00000000777302a0
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775d2290 5 bytes JMP 00000000777302c0
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775d22c0 5 bytes JMP 0000000077730380
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775d22d0 5 bytes JMP 0000000077730340
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775d25c0 5 bytes JMP 0000000077730440
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775d27c0 5 bytes JMP 0000000077730260
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775d27d0 5 bytes JMP 0000000077730270
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 5 bytes JMP 0000000077730400
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 5 bytes JMP 00000000777301f0
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775d29b0 5 bytes JMP 0000000077730210
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775d2a20 5 bytes JMP 0000000077730200
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 5 bytes JMP 0000000077730420
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 5 bytes JMP 0000000077730430
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775d2aa0 5 bytes JMP 0000000077730220
.text C:\Windows\system32\Dwm.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 5 bytes JMP 0000000077730280
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775d1360 5 bytes JMP 0000000077730460
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775d13b0 5 bytes JMP 0000000077730450
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 5 bytes JMP 0000000077730370
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775d1560 5 bytes JMP 0000000077730470
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 5 bytes JMP 00000000777303e0
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775d1620 5 bytes JMP 0000000077730320
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 5 bytes JMP 00000000777303b0
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 5 bytes JMP 0000000077730390
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775d16b0 5 bytes JMP 00000000777302e0
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775d1730 5 bytes JMP 00000000777302d0
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775d1750 5 bytes JMP 0000000077730310
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 5 bytes JMP 00000000777303c0
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775d17e0 5 bytes JMP 00000000777303f0
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775d1940 5 bytes JMP 0000000077730230
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775d1b00 5 bytes JMP 0000000077730480
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775d1b30 5 bytes JMP 00000000777303a0
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775d1c10 5 bytes JMP 00000000777302f0
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775d1c20 5 bytes JMP 0000000077730350
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775d1c80 5 bytes JMP 0000000077730290
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775d1d10 5 bytes JMP 00000000777302b0
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 5 bytes JMP 00000000777303d0
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775d1d40 5 bytes JMP 0000000077730330
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775d1db0 5 bytes JMP 0000000077730410
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775d1de0 5 bytes JMP 0000000077730240
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 5 bytes JMP 00000000777301e0
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775d2160 5 bytes JMP 0000000077730250
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775d2190 5 bytes JMP 0000000077730490
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775d21a0 5 bytes JMP 00000000777304a0
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775d21d0 5 bytes JMP 0000000077730300
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775d21e0 5 bytes JMP 0000000077730360
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775d2240 5 bytes JMP 00000000777302a0
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775d2290 5 bytes JMP 00000000777302c0
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775d22c0 5 bytes JMP 0000000077730380
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775d22d0 5 bytes JMP 0000000077730340
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775d25c0 5 bytes JMP 0000000077730440
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775d27c0 5 bytes JMP 0000000077730260
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775d27d0 5 bytes JMP 0000000077730270
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 5 bytes JMP 0000000077730400
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 5 bytes JMP 00000000777301f0
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775d29b0 5 bytes JMP 0000000077730210
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775d2a20 5 bytes JMP 0000000077730200
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 5 bytes JMP 0000000077730420
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 5 bytes JMP 0000000077730430
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775d2aa0 5 bytes JMP 0000000077730220
.text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 5 bytes JMP 0000000077730280
.text C:\Windows\Explorer.EXE[1488] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773bef8d 1 byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775d1360 5 bytes JMP 0000000077730460
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775d13b0 5 bytes JMP 0000000077730450
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 5 bytes JMP 0000000077730370
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775d1560 5 bytes JMP 0000000077730470
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 5 bytes JMP 00000000777303e0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775d1620 5 bytes JMP 0000000077730320
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 5 bytes JMP 00000000777303b0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 5 bytes JMP 0000000077730390
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775d16b0 5 bytes JMP 00000000777302e0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775d1730 5 bytes JMP 00000000777302d0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775d1750 5 bytes JMP 0000000077730310
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 5 bytes JMP 00000000777303c0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775d17e0 5 bytes JMP 00000000777303f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775d1940 5 bytes JMP 0000000077730230
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775d1b00 5 bytes JMP 0000000077730480
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775d1b30 5 bytes JMP 00000000777303a0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775d1c10 5 bytes JMP 00000000777302f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775d1c20 5 bytes JMP 0000000077730350
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775d1c80 5 bytes JMP 0000000077730290
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775d1d10 5 bytes JMP 00000000777302b0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 5 bytes JMP 00000000777303d0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775d1d40 5 bytes JMP 0000000077730330
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775d1db0 5 bytes JMP 0000000077730410
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775d1de0 5 bytes JMP 0000000077730240
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 5 bytes JMP 00000000777301e0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775d2160 5 bytes JMP 0000000077730250
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775d2190 5 bytes JMP 0000000077730490
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775d21a0 5 bytes JMP 00000000777304a0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775d21d0 5 bytes JMP 0000000077730300
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775d21e0 5 bytes JMP 0000000077730360
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775d2240 5 bytes JMP 00000000777302a0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775d2290 5 bytes JMP 00000000777302c0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775d22c0 5 bytes JMP 0000000077730380
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775d22d0 5 bytes JMP 0000000077730340
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775d25c0 5 bytes JMP 0000000077730440
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775d27c0 5 bytes JMP 0000000077730260
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775d27d0 5 bytes JMP 0000000077730270
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 5 bytes JMP 0000000077730400
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 5 bytes JMP 00000000777301f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775d29b0 5 bytes JMP 0000000077730210
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775d2a20 5 bytes JMP 0000000077730200
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 5 bytes JMP 0000000077730420
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 5 bytes JMP 0000000077730430
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775d2aa0 5 bytes JMP 0000000077730220
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 5 bytes JMP 0000000077730280
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1672] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773bef8d 1 byte [62]
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775d1360 5 bytes JMP 0000000077730460
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775d13b0 5 bytes JMP 0000000077730450
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 5 bytes JMP 0000000077730370
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775d1560 5 bytes JMP 0000000077730470
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 5 bytes JMP 00000000777303e0
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775d1620 5 bytes JMP 0000000077730320
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 5 bytes JMP 00000000777303b0
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 5 bytes JMP 0000000077730390
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775d16b0 5 bytes JMP 00000000777302e0
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775d1730 5 bytes JMP 00000000777302d0
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775d1750 5 bytes JMP 0000000077730310
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 5 bytes JMP 00000000777303c0
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775d17e0 5 bytes JMP 00000000777303f0
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775d1940 5 bytes JMP 0000000077730230
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775d1b00 5 bytes JMP 0000000077730480
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775d1b30 5 bytes JMP 00000000777303a0
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775d1c10 5 bytes JMP 00000000777302f0
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775d1c20 5 bytes JMP 0000000077730350
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775d1c80 5 bytes JMP 0000000077730290
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775d1d10 5 bytes JMP 00000000777302b0
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 5 bytes JMP 00000000777303d0
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775d1d40 5 bytes JMP 0000000077730330
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775d1db0 5 bytes JMP 0000000077730410
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775d1de0 5 bytes JMP 0000000077730240
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 5 bytes JMP 00000000777301e0
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775d2160 5 bytes JMP 0000000077730250
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775d2190 5 bytes JMP 0000000077730490
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775d21a0 5 bytes JMP 00000000777304a0
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775d21d0 5 bytes JMP 0000000077730300
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775d21e0 5 bytes JMP 0000000077730360
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775d2240 5 bytes JMP 00000000777302a0
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775d2290 5 bytes JMP 00000000777302c0
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775d22c0 5 bytes JMP 0000000077730380
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775d22d0 5 bytes JMP 0000000077730340
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775d25c0 5 bytes JMP 0000000077730440
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775d27c0 5 bytes JMP 0000000077730260
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775d27d0 5 bytes JMP 0000000077730270
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 5 bytes JMP 0000000077730400
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 5 bytes JMP 00000000777301f0
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775d29b0 5 bytes JMP 0000000077730210
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775d2a20 5 bytes JMP 0000000077730200
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 5 bytes JMP 0000000077730420
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 5 bytes JMP 0000000077730430
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775d2aa0 5 bytes JMP 0000000077730220
.text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 5 bytes JMP 0000000077730280
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[1736] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007521a2fd 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1956] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000751f8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1956] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007521a2fd 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775d1360 5 bytes JMP 0000000077730460
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775d13b0 5 bytes JMP 0000000077730450
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 5 bytes JMP 0000000077730370
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775d1560 5 bytes JMP 0000000077730470
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 5 bytes JMP 00000000777303e0
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775d1620 5 bytes JMP 0000000077730320
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 5 bytes JMP 00000000777303b0
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 5 bytes JMP 0000000077730390
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775d16b0 5 bytes JMP 00000000777302e0
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775d1730 5 bytes JMP 00000000777302d0
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775d1750 5 bytes JMP 0000000077730310
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 5 bytes JMP 00000000777303c0
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775d17e0 5 bytes JMP 00000000777303f0
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775d1940 5 bytes JMP 0000000077730230
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775d1b00 5 bytes JMP 0000000077730480
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775d1b30 5 bytes JMP 00000000777303a0
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775d1c10 5 bytes JMP 00000000777302f0
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775d1c20 5 bytes JMP 0000000077730350
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775d1c80 5 bytes JMP 0000000077730290
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775d1d10 5 bytes JMP 00000000777302b0
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 5 bytes JMP 00000000777303d0
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775d1d40 5 bytes JMP 0000000077730330
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775d1db0 5 bytes JMP 0000000077730410
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775d1de0 5 bytes JMP 0000000077730240
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 5 bytes JMP 00000000777301e0
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775d2160 5 bytes JMP 0000000077730250
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775d2190 5 bytes JMP 0000000077730490
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775d21a0 5 bytes JMP 00000000777304a0
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775d21d0 5 bytes JMP 0000000077730300
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775d21e0 5 bytes JMP 0000000077730360
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775d2240 5 bytes JMP 00000000777302a0
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775d2290 5 bytes JMP 00000000777302c0
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775d22c0 5 bytes JMP 0000000077730380
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775d22d0 5 bytes JMP 0000000077730340
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775d25c0 5 bytes JMP 0000000077730440
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775d27c0 5 bytes JMP 0000000077730260
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775d27d0 5 bytes JMP 0000000077730270
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 5 bytes JMP 0000000077730400
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 5 bytes JMP 00000000777301f0
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775d29b0 5 bytes JMP 0000000077730210
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775d2a20 5 bytes JMP 0000000077730200
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 5 bytes JMP 0000000077730420
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 5 bytes JMP 0000000077730430
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775d2aa0 5 bytes JMP 0000000077730220
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 5 bytes JMP 0000000077730280
.text C:\Windows\System32\spoolsv.exe[1112] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773bef8d 1 byte [62]
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775d1360 5 bytes JMP 0000000100060460
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775d13b0 5 bytes JMP 0000000100060450
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 5 bytes JMP 0000000100060370
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775d1560 5 bytes JMP 0000000100060470
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 5 bytes JMP 00000001000603e0
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775d1620 5 bytes JMP 0000000100060320
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 5 bytes JMP 00000001000603b0
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 5 bytes JMP 0000000100060390
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775d16b0 5 bytes JMP 00000001000602e0
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775d1730 5 bytes JMP 00000001000602d0
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775d1750 5 bytes JMP 0000000100060310
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 5 bytes JMP 00000001000603c0
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775d17e0 5 bytes JMP 00000001000603f0
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775d1940 5 bytes JMP 0000000100060230
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775d1b00 5 bytes JMP 0000000100060480
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775d1b30 5 bytes JMP 00000001000603a0
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775d1c10 5 bytes JMP 00000001000602f0
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775d1c20 5 bytes JMP 0000000100060350
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775d1c80 5 bytes JMP 0000000100060290
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775d1d10 5 bytes JMP 00000001000602b0
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 5 bytes JMP 00000001000603d0
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775d1d40 5 bytes JMP 0000000100060330
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775d1db0 5 bytes JMP 0000000100060410
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775d1de0 5 bytes JMP 0000000100060240
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 5 bytes JMP 00000001000601e0
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775d2160 5 bytes JMP 0000000100060250
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775d2190 5 bytes JMP 0000000100060490
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775d21a0 5 bytes JMP 00000001000604a0
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775d21d0 5 bytes JMP 0000000100060300
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775d21e0 5 bytes JMP 0000000100060360
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775d2240 5 bytes JMP 00000001000602a0
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775d2290 5 bytes JMP 00000001000602c0
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775d22c0 5 bytes JMP 0000000100060380
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775d22d0 5 bytes JMP 0000000100060340
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775d25c0 5 bytes JMP 0000000100060440
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775d27c0 5 bytes JMP 0000000100060260
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775d27d0 5 bytes JMP 0000000100060270
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 5 bytes JMP 0000000100060400
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 5 bytes JMP 00000001000601f0
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775d29b0 5 bytes JMP 0000000100060210
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775d2a20 5 bytes JMP 0000000100060200
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 5 bytes JMP 0000000100060420
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 5 bytes JMP 0000000100060430
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775d2aa0 5 bytes JMP 0000000100060220
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 5 bytes JMP 0000000100060280
.text C:\Windows\system32\taskhost.exe[1516] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773bef8d 1 byte [62]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775d1360 5 bytes JMP 0000000077730460
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775d13b0 5 bytes JMP 0000000077730450
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 5 bytes JMP 0000000077730370
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775d1560 5 bytes JMP 0000000077730470
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 5 bytes JMP 00000000777303e0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775d1620 5 bytes JMP 0000000077730320
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 5 bytes JMP 00000000777303b0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 5 bytes JMP 0000000077730390
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775d16b0 5 bytes JMP 00000000777302e0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775d1730 5 bytes JMP 00000000777302d0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775d1750 5 bytes JMP 0000000077730310
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 5 bytes JMP 00000000777303c0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775d17e0 5 bytes JMP 00000000777303f0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775d1940 5 bytes JMP 0000000077730230
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775d1b00 5 bytes JMP 0000000077730480
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775d1b30 5 bytes JMP 00000000777303a0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775d1c10 5 bytes JMP 00000000777302f0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775d1c20 5 bytes JMP 0000000077730350
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775d1c80 5 bytes JMP 0000000077730290
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775d1d10 5 bytes JMP 00000000777302b0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 5 bytes JMP 00000000777303d0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775d1d40 5 bytes JMP 0000000077730330
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775d1db0 5 bytes JMP 0000000077730410
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775d1de0 5 bytes JMP 0000000077730240
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 5 bytes JMP 00000000777301e0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775d2160 5 bytes JMP 0000000077730250
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775d2190 5 bytes JMP 0000000077730490
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775d21a0 5 bytes JMP 00000000777304a0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775d21d0 5 bytes JMP 0000000077730300
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775d21e0 5 bytes JMP 0000000077730360
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775d2240 5 bytes JMP 00000000777302a0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775d2290 5 bytes JMP 00000000777302c0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775d22c0 5 bytes JMP 0000000077730380
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775d22d0 5 bytes JMP 0000000077730340
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775d25c0 5 bytes JMP 0000000077730440
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775d27c0 5 bytes JMP 0000000077730260
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775d27d0 5 bytes JMP 0000000077730270
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 5 bytes JMP 0000000077730400
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 5 bytes JMP 00000000777301f0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775d29b0 5 bytes JMP 0000000077730210
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775d2a20 5 bytes JMP 0000000077730200
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 5 bytes JMP 0000000077730420
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 5 bytes JMP 0000000077730430
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775d2aa0 5 bytes JMP 0000000077730220
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 5 bytes JMP 0000000077730280
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775d1360 5 bytes JMP 0000000077730460
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775d13b0 5 bytes JMP 0000000077730450
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 5 bytes JMP 0000000077730370
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775d1560 5 bytes JMP 0000000077730470
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 5 bytes JMP 00000000777303e0
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775d1620 5 bytes JMP 0000000077730320
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 5 bytes JMP 00000000777303b0
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 5 bytes JMP 0000000077730390
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775d16b0 5 bytes JMP 00000000777302e0
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775d1730 5 bytes JMP 00000000777302d0
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775d1750 5 bytes JMP 0000000077730310
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 5 bytes JMP 00000000777303c0
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775d17e0 5 bytes JMP 00000000777303f0
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775d1940 5 bytes JMP 0000000077730230
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775d1b00 5 bytes JMP 0000000077730480
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775d1b30 5 bytes JMP 00000000777303a0
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775d1c10 5 bytes JMP 00000000777302f0
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775d1c20 5 bytes JMP 0000000077730350
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775d1c80 5 bytes JMP 0000000077730290
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775d1d10 5 bytes JMP 00000000777302b0
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 5 bytes JMP 00000000777303d0
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775d1d40 5 bytes JMP 0000000077730330
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775d1db0 5 bytes JMP 0000000077730410
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775d1de0 5 bytes JMP 0000000077730240
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 5 bytes JMP 00000000777301e0
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775d2160 5 bytes JMP 0000000077730250
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775d2190 5 bytes JMP 0000000077730490
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775d21a0 5 bytes JMP 00000000777304a0
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775d21d0 5 bytes JMP 0000000077730300
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775d21e0 5 bytes JMP 0000000077730360
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775d2240 5 bytes JMP 00000000777302a0
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775d2290 5 bytes JMP 00000000777302c0
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775d22c0 5 bytes JMP 0000000077730380
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775d22d0 5 bytes JMP 0000000077730340
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775d25c0 5 bytes JMP 0000000077730440
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775d27c0 5 bytes JMP 0000000077730260
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775d27d0 5 bytes JMP 0000000077730270
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 5 bytes JMP 0000000077730400
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 5 bytes JMP 00000000777301f0
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775d29b0 5 bytes JMP 0000000077730210
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775d2a20 5 bytes JMP 0000000077730200
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 5 bytes JMP 0000000077730420
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 5 bytes JMP 0000000077730430
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775d2aa0 5 bytes JMP 0000000077730220
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 5 bytes JMP 0000000077730280
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[1972] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773bef8d 1 byte [62]
.text C:\Program Files\IDT\WDM\AESTSr64.exe[2052] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773bef8d 1 byte [62]
.text C:\Windows\system32\spool\drivers\x64\3\D1265wServer64.exe[2104] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773bef8d 1 byte [62]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2376] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007521a2fd 1 byte [62]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075cb1401 2 bytes JMP 7521b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2376] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075cb1419 2 bytes JMP 7521b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075cb1431 2 bytes JMP 75298ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075cb144a 2 bytes CALL 751f48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2376] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075cb14dd 2 bytes JMP 752987a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075cb14f5 2 bytes JMP 75298978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2376] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075cb150d 2 bytes JMP 75298698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075cb1525 2 bytes JMP 75298a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075cb153d 2 bytes JMP 7520fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2376] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075cb1555 2 bytes JMP 752168ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075cb156d 2 bytes JMP 75298f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075cb1585 2 bytes JMP 75298ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2376] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075cb159d 2 bytes JMP 7529865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075cb15b5 2 bytes JMP 7520fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075cb15cd 2 bytes JMP 7521b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075cb16b2 2 bytes JMP 75298e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075cb16bd 2 bytes JMP 752985f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775d1360 5 bytes JMP 0000000077730460
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775d13b0 5 bytes JMP 0000000077730450
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 5 bytes JMP 0000000077730370
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775d1560 5 bytes JMP 0000000077730470
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 5 bytes JMP 00000000777303e0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775d1620 5 bytes JMP 0000000077730320
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 5 bytes JMP 00000000777303b0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 5 bytes JMP 0000000077730390
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775d16b0 5 bytes JMP 00000000777302e0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775d1730 5 bytes JMP 00000000777302d0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775d1750 5 bytes JMP 0000000077730310
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 5 bytes JMP 00000000777303c0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775d17e0 5 bytes JMP 00000000777303f0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775d1940 5 bytes JMP 0000000077730230
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775d1b00 5 bytes JMP 0000000077730480
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775d1b30 5 bytes JMP 00000000777303a0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775d1c10 5 bytes JMP 00000000777302f0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775d1c20 5 bytes JMP 0000000077730350
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775d1c80 5 bytes JMP 0000000077730290
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775d1d10 5 bytes JMP 00000000777302b0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 5 bytes JMP 00000000777303d0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775d1d40 5 bytes JMP 0000000077730330
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775d1db0 5 bytes JMP 0000000077730410
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775d1de0 5 bytes JMP 0000000077730240
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32
|
|
25.10.2014, 17:39
| #6 |
| | Windows 7: Malwarefund durch MalwarebytesCode:
ATTFilter \ntdll.dll!NtLoadDriver 00000000775d20a0 5 bytes JMP 00000000777301e0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775d2160 5 bytes JMP 0000000077730250
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775d2190 5 bytes JMP 0000000077730490
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775d21a0 5 bytes JMP 00000000777304a0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775d21d0 5 bytes JMP 0000000077730300
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775d21e0 5 bytes JMP 0000000077730360
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775d2240 5 bytes JMP 00000000777302a0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775d2290 5 bytes JMP 00000000777302c0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775d22c0 5 bytes JMP 0000000077730380
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775d22d0 5 bytes JMP 0000000077730340
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775d25c0 5 bytes JMP 0000000077730440
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775d27c0 5 bytes JMP 0000000077730260
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775d27d0 5 bytes JMP 0000000077730270
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 5 bytes JMP 0000000077730400
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 5 bytes JMP 00000000777301f0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775d29b0 5 bytes JMP 0000000077730210
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775d2a20 5 bytes JMP 0000000077730200
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 5 bytes JMP 0000000077730420
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 5 bytes JMP 0000000077730430
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775d2aa0 5 bytes JMP 0000000077730220
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 5 bytes JMP 0000000077730280
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3620] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000773bef8d 1 byte [62]
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775d1360 5 bytes JMP 0000000077730460
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775d13b0 5 bytes JMP 0000000077730450
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 5 bytes JMP 0000000077730370
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775d1560 5 bytes JMP 0000000077730470
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 5 bytes JMP 00000000777303e0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775d1620 5 bytes JMP 0000000077730320
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 5 bytes JMP 00000000777303b0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 5 bytes JMP 0000000077730390
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775d16b0 5 bytes JMP 00000000777302e0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775d1730 5 bytes JMP 00000000777302d0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775d1750 5 bytes JMP 0000000077730310
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 5 bytes JMP 00000000777303c0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775d17e0 5 bytes JMP 00000000777303f0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775d1940 5 bytes JMP 0000000077730230
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775d1b00 5 bytes JMP 0000000077730480
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775d1b30 5 bytes JMP 00000000777303a0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775d1c10 5 bytes JMP 00000000777302f0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775d1c20 5 bytes JMP 0000000077730350
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775d1c80 5 bytes JMP 0000000077730290
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775d1d10 5 bytes JMP 00000000777302b0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 5 bytes JMP 00000000777303d0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775d1d40 5 bytes JMP 0000000077730330
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775d1db0 5 bytes JMP 0000000077730410
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775d1de0 5 bytes JMP 0000000077730240
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 5 bytes JMP 00000000777301e0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775d2160 5 bytes JMP 0000000077730250
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775d2190 5 bytes JMP 0000000077730490
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775d21a0 5 bytes JMP 00000000777304a0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775d21d0 5 bytes JMP 0000000077730300
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775d21e0 5 bytes JMP 0000000077730360
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775d2240 5 bytes JMP 00000000777302a0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775d2290 5 bytes JMP 00000000777302c0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775d22c0 5 bytes JMP 0000000077730380
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775d22d0 5 bytes JMP 0000000077730340
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775d25c0 5 bytes JMP 0000000077730440
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775d27c0 5 bytes JMP 0000000077730260
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775d27d0 5 bytes JMP 0000000077730270
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 5 bytes JMP 0000000077730400
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 5 bytes JMP 00000000777301f0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775d29b0 5 bytes JMP 0000000077730210
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775d2a20 5 bytes JMP 0000000077730200
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 5 bytes JMP 0000000077730420
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 5 bytes JMP 0000000077730430
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775d2aa0 5 bytes JMP 0000000077730220
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 5 bytes JMP 0000000077730280
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775d1360 5 bytes JMP 0000000077730460
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775d13b0 5 bytes JMP 0000000077730450
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 5 bytes JMP 0000000077730370
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775d1560 5 bytes JMP 0000000077730470
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 5 bytes JMP 00000000777303e0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775d1620 5 bytes JMP 0000000077730320
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 5 bytes JMP 00000000777303b0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 5 bytes JMP 0000000077730390
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775d16b0 5 bytes JMP 00000000777302e0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775d1730 5 bytes JMP 00000000777302d0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775d1750 5 bytes JMP 0000000077730310
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 5 bytes JMP 00000000777303c0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775d17e0 5 bytes JMP 00000000777303f0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775d1940 5 bytes JMP 0000000077730230
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775d1b00 5 bytes JMP 0000000077730480
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775d1b30 5 bytes JMP 00000000777303a0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775d1c10 5 bytes JMP 00000000777302f0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775d1c20 5 bytes JMP 0000000077730350
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775d1c80 5 bytes JMP 0000000077730290
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775d1d10 5 bytes JMP 00000000777302b0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 5 bytes JMP 00000000777303d0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775d1d40 5 bytes JMP 0000000077730330
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775d1db0 5 bytes JMP 0000000077730410
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775d1de0 5 bytes JMP 0000000077730240
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 5 bytes JMP 00000000777301e0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775d2160 5 bytes JMP 0000000077730250
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775d2190 5 bytes JMP 0000000077730490
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775d21a0 5 bytes JMP 00000000777304a0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775d21d0 5 bytes JMP 0000000077730300
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775d21e0 5 bytes JMP 0000000077730360
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775d2240 5 bytes JMP 00000000777302a0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775d2290 5 bytes JMP 00000000777302c0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775d22c0 5 bytes JMP 0000000077730380
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775d22d0 5 bytes JMP 0000000077730340
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775d25c0 5 bytes JMP 0000000077730440
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775d27c0 5 bytes JMP 0000000077730260
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775d27d0 5 bytes JMP 0000000077730270
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 5 bytes JMP 0000000077730400
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 5 bytes JMP 00000000777301f0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775d29b0 5 bytes JMP 0000000077730210
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775d2a20 5 bytes JMP 0000000077730200
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 5 bytes JMP 0000000077730420
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 5 bytes JMP 0000000077730430
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775d2aa0 5 bytes JMP 0000000077730220
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 5 bytes JMP 0000000077730280
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775d1360 5 bytes JMP 0000000077730460
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775d13b0 5 bytes JMP 0000000077730450
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 5 bytes JMP 0000000077730370
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775d1560 5 bytes JMP 0000000077730470
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 5 bytes JMP 00000000777303e0
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775d1620 5 bytes JMP 0000000077730320
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 5 bytes JMP 00000000777303b0
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 5 bytes JMP 0000000077730390
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775d16b0 5 bytes JMP 00000000777302e0
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775d1730 5 bytes JMP 00000000777302d0
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775d1750 5 bytes JMP 0000000077730310
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 5 bytes JMP 00000000777303c0
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775d17e0 5 bytes JMP 00000000777303f0
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775d1940 5 bytes JMP 0000000077730230
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775d1b00 5 bytes JMP 0000000077730480
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775d1b30 5 bytes JMP 00000000777303a0
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775d1c10 5 bytes JMP 00000000777302f0
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775d1c20 5 bytes JMP 0000000077730350
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775d1c80 5 bytes JMP 0000000077730290
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775d1d10 5 bytes JMP 00000000777302b0
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 5 bytes JMP 00000000777303d0
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775d1d40 5 bytes JMP 0000000077730330
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775d1db0 5 bytes JMP 0000000077730410
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775d1de0 5 bytes JMP 0000000077730240
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 5 bytes JMP 00000000777301e0
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775d2160 5 bytes JMP 0000000077730250
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775d2190 5 bytes JMP 0000000077730490
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775d21a0 5 bytes JMP 00000000777304a0
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775d21d0 5 bytes JMP 0000000077730300
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775d21e0 5 bytes JMP 0000000077730360
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775d2240 5 bytes JMP 00000000777302a0
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775d2290 5 bytes JMP 00000000777302c0
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775d22c0 5 bytes JMP 0000000077730380
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775d22d0 5 bytes JMP 0000000077730340
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775d25c0 5 bytes JMP 0000000077730440
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775d27c0 5 bytes JMP 0000000077730260
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775d27d0 5 bytes JMP 0000000077730270
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 5 bytes JMP 0000000077730400
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 5 bytes JMP 00000000777301f0
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775d29b0 5 bytes JMP 0000000077730210
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775d2a20 5 bytes JMP 0000000077730200
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 5 bytes JMP 0000000077730420
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 5 bytes JMP 0000000077730430
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775d2aa0 5 bytes JMP 0000000077730220
.text C:\Windows\system32\DllHost.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 5 bytes JMP 0000000077730280
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775d1360 5 bytes JMP 0000000077730460
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775d13b0 5 bytes JMP 0000000077730450
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 5 bytes JMP 0000000077730370
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775d1560 5 bytes JMP 0000000077730470
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 5 bytes JMP 00000000777303e0
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775d1620 5 bytes JMP 0000000077730320
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 5 bytes JMP 00000000777303b0
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 5 bytes JMP 0000000077730390
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775d16b0 5 bytes JMP 00000000777302e0
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775d1730 5 bytes JMP 00000000777302d0
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775d1750 5 bytes JMP 0000000077730310
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 5 bytes JMP 00000000777303c0
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775d17e0 5 bytes JMP 00000000777303f0
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775d1940 5 bytes JMP 0000000077730230
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775d1b00 5 bytes JMP 0000000077730480
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775d1b30 5 bytes JMP 00000000777303a0
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775d1c10 5 bytes JMP 00000000777302f0
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775d1c20 5 bytes JMP 0000000077730350
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775d1c80 5 bytes JMP 0000000077730290
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775d1d10 5 bytes JMP 00000000777302b0
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 5 bytes JMP 00000000777303d0
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775d1d40 5 bytes JMP 0000000077730330
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775d1db0 5 bytes JMP 0000000077730410
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775d1de0 5 bytes JMP 0000000077730240
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 5 bytes JMP 00000000777301e0
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775d2160 5 bytes JMP 0000000077730250
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775d2190 5 bytes JMP 0000000077730490
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775d21a0 5 bytes JMP 00000000777304a0
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775d21d0 5 bytes JMP 0000000077730300
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775d21e0 5 bytes JMP 0000000077730360
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775d2240 5 bytes JMP 00000000777302a0
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775d2290 5 bytes JMP 00000000777302c0
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775d22c0 5 bytes JMP 0000000077730380
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775d22d0 5 bytes JMP 0000000077730340
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775d25c0 5 bytes JMP 0000000077730440
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775d27c0 5 bytes JMP 0000000077730260
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775d27d0 5 bytes JMP 0000000077730270
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 5 bytes JMP 0000000077730400
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 5 bytes JMP 00000000777301f0
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775d29b0 5 bytes JMP 0000000077730210
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775d2a20 5 bytes JMP 0000000077730200
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 5 bytes JMP 0000000077730420
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 5 bytes JMP 0000000077730430
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775d2aa0 5 bytes JMP 0000000077730220
.text C:\Windows\system32\taskeng.exe[3512] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 5 bytes JMP 0000000077730280
.text C:\Users\HP\Desktop\Gmer-19357.exe[3608] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007521a2fd 1 byte [62]
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395320f2f
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395320f2f@0023d6b9d8d0 0x0D 0x11 0x1F 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x70 0x1C 0x73 0xF2 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x5D 0x02 0x1A 0xB9 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395320f2f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395320f2f@0023d6b9d8d0 0x0D 0x11 0x1F 0x2D ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x70 0x1C 0x73 0xF2 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x5D 0x02 0x1A 0xB9 ...
---- EOF - GMER 2.1 ----
Code:
ATTFilter <?xml version="1.0" encoding="UTF-16"?>
-<mbam-log>
-<header>
<date>2014/10/24 16:24:56 +0200</date>
<logfile>mbam-log-2014-10-24 (16-24-56).xml</logfile>
<isadmin>yes</isadmin>
</header>
-<engine>
<version>2.00.3.1025</version>
<malware-database>v2014.09.19.05</malware-database>
<rootkit-database>v2014.09.18.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
-<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Lars</username>
<filesys>NTFS</filesys>
</system>
-<summary>
<type>threat</type>
<result>completed</result>
<objects>517522</objects>
<time>1250</time>
<processes>0</processes>
<modules>0</modules>
<keys>2</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
-<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>warn</pup>
<pum>enabled</pum>
</options>
-<items>
-<key>
<path>HKU\S-1-5-21-1445491938-3163146774-1667579322-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D4027C7F-154A-4066-A1AD-4243D8127440}</path>
<vendor>PUP.Optional.FrostwireTB.A</vendor>
<action>success</action>
<hash>6a1705ea0e6d72c44a95ae1745bdc33d</hash>
</key>
-<key>
<path>HKU\S-1-5-21-1445491938-3163146774-1667579322-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader</path>
<vendor>PUP.Optional.Softonic.A</vendor>
<action>success</action>
<hash>176ab738ef8cf6406265cf58eb1806fa</hash>
</key>
</items>
</mbam-log>
Avast: Code:
ATTFilter 12/14/2013 12:32
Prüfung von D:\
Prüfung von E:\
Prüfung von C:\
Anzahl durchsuchter Ordner: 25479
Anzahl der geprüften Dateien: 1349788
Anzahl infizierter Dateien: 0
----------------------------------------
02/28/2014 18:19
Prüfung von D:\
Prüfung von E:\
Prüfung von C:\
Anzahl durchsuchter Ordner: 26720
Anzahl der geprüften Dateien: 1391087
Anzahl infizierter Dateien: 0
----------------------------------------
10/24/2014 16:55
Prüfung von D:\
Prüfung von E:\
Prüfung von C:\
Datei C:\Users\Lars.LARS\AppData\Local\Downloaded Installations\{7F20D900-8DBC-415D-BA92-472C11866605}\Samsung Kies.msi|>Data1.cab|>samsung_usb_driver_for_mobil|>$INSTDIR\25_escape\amd64\WdfCoInstaller01007.dll|>Microsoft Kernel-Mode Driver Framework Install-v1.7-Win2k-WinXP-Win2k3.exe Fehler 42110 {Die Datei ist eine Archivbombe.}
Datei C:\Users\Lars.LARS\AppData\Local\Downloaded Installations\{7F20D900-8DBC-415D-BA92-472C11866605}\Samsung Kies.msi|>Data1.cab|>samsung_usb_driver_for_mobil|>$INSTDIR\25_escape\amd64\WdfCoInstaller01007.dll Fehler 42110 {Die Datei ist eine Archivbombe.}
Datei C:\Users\Lars.LARS\AppData\Local\Downloaded Installations\{7F20D900-8DBC-415D-BA92-472C11866605}\Samsung Kies.msi|>Data1.cab|>samsung_usb_driver_for_mobil Fehler 42110 {Die Datei ist eine Archivbombe.}
Datei C:\Users\Lars.LARS\AppData\Local\Downloaded Installations\{7F20D900-8DBC-415D-BA92-472C11866605}\Samsung Kies.msi|>Data1.cab Fehler 42110 {Die Datei ist eine Archivbombe.}
Datei C:\Users\Lars.LARS\AppData\Local\Downloaded Installations\{F1102F9E-68CB-40F7-81EF-892264204BAE}\Samsung Kies.msi|>Data1.cab|>samsung_usb_driver_for_mobil|>$INSTDIR\25_escape\amd64\WdfCoInstaller01007.dll|>Microsoft Kernel-Mode Driver Framework Install-v1.7-Win2k-WinXP-Win2k3.exe Fehler 42110 {Die Datei ist eine Archivbombe.}
Datei C:\Users\Lars.LARS\AppData\Local\Downloaded Installations\{F1102F9E-68CB-40F7-81EF-892264204BAE}\Samsung Kies.msi|>Data1.cab|>samsung_usb_driver_for_mobil|>$INSTDIR\25_escape\amd64\WdfCoInstaller01007.dll Fehler 42110 {Die Datei ist eine Archivbombe.}
Datei C:\Users\Lars.LARS\AppData\Local\Downloaded Installations\{F1102F9E-68CB-40F7-81EF-892264204BAE}\Samsung Kies.msi|>Data1.cab|>samsung_usb_driver_for_mobil Fehler 42110 {Die Datei ist eine Archivbombe.}
Datei C:\Users\Lars.LARS\AppData\Local\Downloaded Installations\{F1102F9E-68CB-40F7-81EF-892264204BAE}\Samsung Kies.msi|>Data1.cab Fehler 42110 {Die Datei ist eine Archivbombe.}
Anzahl durchsuchter Ordner: 29852
Anzahl der geprüften Dateien: 1466902
Anzahl infizierter Dateien: 0
|
|
26.10.2014, 14:32
| #7 |
| /// the machine /// TB-Ausbilder | Windows 7: Malwarefund durch Malwarebytes Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
26.10.2014, 20:53
| #8 |
| | Windows 7: Malwarefund durch Malwarebytes Guten Abend, die jrt.txt ist nach dem Scan weder auf dem Desktop noch woanders auffindbar... Code:
ATTFilter # AdwCleaner v4.001 - Bericht erstellt am 26/10/2014 um 20:11:50
# DB v
# Aktualisiert 20/10/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Lars - LARS
# Gestartet von : C:\Users\HP\Desktop\AdwCleaner_4.001.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_7-zip_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_7-zip_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_adobe-reader-x_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_adobe-reader-x_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_regcleaner_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_regcleaner_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_zonealarm-firewall_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_zonealarm-firewall_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{06E58E5E-F8CB-4049-991E-A41C03BD419E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DCC70A83-E184-40A3-906B-779AF5E941C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{06E58E5E-F8CB-4049-991E-A41C03BD419E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DCC70A83-E184-40A3-906B-779AF5E941C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 228200
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17344
-\\ Mozilla Firefox v32.0.3 (x86 de)
*************************
AdwCleaner[R0].txt - [8847 octets] - [26/10/2014 20:05:58]
AdwCleaner[R1].txt - [9801 octets] - [26/10/2014 20:09:17]
AdwCleaner[S0].txt - [8718 octets] - [26/10/2014 20:11:50]
########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [8778 octets] ##########
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2014
Ran by Lars (administrator) on LARS on 26-10-2014 20:43:44
Running from C:\Users\HP\Desktop
Loaded Profiles: HP & Lars (Available profiles: HP & Lars & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Dell Inc) C:\Windows\System32\spool\drivers\x64\3\D1265wServer64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-14] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1445491938-3163146774-1667579322-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-1445491938-3163146774-1667579322-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-1445491938-3163146774-1667579322-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-1445491938-3163146774-1667579322-1011\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = about:blank
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Lars.LARS\AppData\Roaming\Mozilla\Firefox\Profiles\4oqzsymq.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @delorme.com/SendToGPS -> C:\Program Files (x86)\DeLorme\SendToGPS\nppnplugin.dll (DeLorme)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: NoScript - C:\Users\Lars.LARS\AppData\Roaming\Mozilla\Firefox\Profiles\4oqzsymq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-07-29]
FF Extension: Adblock Plus - C:\Users\Lars.LARS\AppData\Roaming\Mozilla\Firefox\Profiles\4oqzsymq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-29]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-13]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-14]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-14] (AVAST Software)
R2 Dell B1265dfw Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\D1265wServer64.exe [241152 2013-03-05] (Dell Inc) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-16] (Hewlett-Packard Company) [File not signed]
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia)
S2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [X]
S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-14] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-14] ()
S3 HWHandSet; C:\Windows\System32\DRIVERS\hw_quusbmdm.sys [223232 2011-10-24] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-24] (Malwarebytes Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2011-05-26] (Duplex Secure Ltd.)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon)
S3 USBMULCD; system32\drivers\CM10664.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-26 20:43 - 2014-10-26 20:44 - 00013677 _____ () C:\Users\HP\Desktop\FRST.txt
2014-10-26 20:43 - 2014-10-26 20:43 - 00000000 ____D () C:\Users\HP\Desktop\FRST-OlderVersion
2014-10-26 20:37 - 2014-10-26 20:37 - 00000624 _____ () C:\Users\Lars.LARS\Desktop\JRT.txt
2014-10-26 20:20 - 2014-10-26 20:20 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-26 20:18 - 2014-10-26 20:18 - 00000000 ____D () C:\Windows\ERUNT
2014-10-26 20:18 - 2014-10-26 20:17 - 01706144 _____ (Thisisu) C:\Users\HP\Desktop\JRT.exe
2014-10-26 20:17 - 2014-10-26 20:11 - 00008960 _____ () C:\Users\HP\Desktop\AdwCleaner[S0].txt
2014-10-26 20:12 - 2014-10-26 20:12 - 00000318 _____ () C:\Windows\PFRO.log
2014-10-26 20:05 - 2014-10-26 20:11 - 00000000 ____D () C:\AdwCleaner
2014-10-26 20:04 - 2014-10-26 20:04 - 01962496 _____ () C:\Users\HP\Desktop\AdwCleaner_4.001.exe
2014-10-25 16:44 - 2014-10-25 16:46 - 00000000 ____D () C:\PUP
2014-10-24 18:02 - 2014-10-24 18:02 - 00256748 _____ () C:\Users\HP\Desktop\gmer.txt
2014-10-24 17:48 - 2014-10-24 17:32 - 00002592 _____ () C:\Users\HP\Desktop\aswBoot.txt
2014-10-24 17:46 - 2014-10-24 17:46 - 00380416 _____ () C:\Users\HP\Desktop\Gmer-19357.exe
2014-10-24 17:45 - 2014-10-24 15:51 - 00003668 _____ () C:\Users\HP\Desktop\mbam-log-2014-10-24 (16-24-56).xml
2014-10-24 17:41 - 2014-10-26 20:43 - 00000000 ____D () C:\FRST
2014-10-24 17:40 - 2014-10-26 20:43 - 02113024 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2014-10-24 17:38 - 2014-10-24 17:38 - 00000522 _____ () C:\Users\HP\Desktop\defogger_disable.log
2014-10-24 17:36 - 2014-10-24 17:36 - 00050477 _____ () C:\Users\HP\Desktop\Defogger.exe
2014-10-24 15:21 - 2014-10-26 20:38 - 00000728 _____ () C:\Windows\setupact.log
2014-10-24 15:21 - 2014-10-24 15:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-21 14:59 - 2014-10-21 14:59 - 00000645 _____ () C:\Users\HP\Desktop\Musik.lnk
2014-10-16 21:28 - 2014-08-19 04:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-16 21:28 - 2014-08-19 04:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-16 21:28 - 2014-08-19 04:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-16 21:28 - 2014-08-19 04:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-16 21:28 - 2014-08-19 04:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-16 21:28 - 2014-08-19 04:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-16 21:28 - 2014-08-19 04:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-16 21:28 - 2014-08-19 04:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-16 21:28 - 2014-08-19 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-16 21:28 - 2014-08-19 04:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-16 21:28 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-16 21:28 - 2014-08-19 03:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-16 21:28 - 2014-08-19 03:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-16 21:28 - 2014-07-07 03:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-16 21:28 - 2014-07-07 03:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-16 21:28 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-16 21:28 - 2014-07-07 03:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-16 21:28 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-16 21:28 - 2014-07-07 03:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-16 21:28 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-16 21:28 - 2014-07-07 03:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-16 21:28 - 2014-07-07 03:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-16 21:28 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-16 21:28 - 2014-07-07 02:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-16 21:28 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-16 21:28 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-16 21:28 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-16 21:28 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-16 21:28 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-16 21:28 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-16 21:28 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-16 21:28 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-16 21:28 - 2014-06-28 01:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-16 21:28 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-16 21:28 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-16 21:27 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 21:27 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 21:27 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 21:27 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 21:27 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 21:27 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 21:27 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 21:27 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 21:27 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 21:27 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 21:27 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 21:27 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 21:27 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 21:27 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 21:26 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 21:26 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 21:26 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 21:26 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 21:26 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 21:26 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 21:26 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 21:26 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 21:26 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 21:26 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 21:26 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 21:26 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 21:26 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 21:26 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 21:26 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 21:26 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 21:26 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 21:26 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 21:26 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 21:26 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 21:26 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 21:26 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 21:26 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 21:26 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 21:26 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 21:26 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 21:26 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 21:26 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 21:26 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 21:26 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 21:26 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 21:26 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 21:26 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 21:26 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 21:26 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 21:26 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 21:26 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 21:26 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 21:26 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 21:26 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 21:26 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 21:26 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 18:53 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 18:53 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 18:53 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 18:53 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 18:53 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 18:53 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 18:53 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 18:48 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 18:48 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 18:48 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 18:48 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 18:48 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 18:48 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 18:48 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 18:48 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 18:48 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 18:48 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 18:48 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 18:48 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 18:48 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 18:48 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 18:48 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 18:48 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 18:48 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 18:48 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 18:48 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 18:48 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 18:48 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 18:48 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-01 14:12 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 14:12 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 22:13 - 2014-09-30 22:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-09-29 20:53 - 2014-09-29 20:53 - 00000146 _____ () C:\Users\HP\Desktop\Sound.lnk
2014-09-26 16:46 - 2014-09-26 16:46 - 00000000 ____D () C:\ProgramData\ATI
2014-09-26 16:41 - 2014-09-26 16:41 - 00000000 ____D () C:\Users\Lars.LARS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-09-26 16:41 - 2014-09-26 16:41 - 00000000 ____D () C:\Users\Lars.LARS\AppData\Roaming\library_dir
2014-09-26 16:40 - 2014-09-26 16:42 - 00000000 ____D () C:\Users\Lars.LARS\AppData\Roaming\Raptr
2014-09-26 16:40 - 2014-09-26 16:41 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-09-26 16:40 - 2014-09-26 16:40 - 00056100 _____ () C:\Windows\SysWOW64\CCCInstall_201409261740266563.log
2014-09-26 16:40 - 2014-09-26 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-09-26 16:40 - 2014-09-26 16:40 - 00000000 ____D () C:\ProgramData\AMD
2014-09-26 16:40 - 2014-09-26 16:40 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-09-26 16:37 - 2014-09-26 16:37 - 00000000 ____D () C:\Program Files\AMD
2014-09-26 16:35 - 2014-09-26 16:35 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-26 16:35 - 2014-09-26 16:35 - 00000000 ____D () C:\Program Files\ATI
2014-09-26 16:28 - 2014-09-26 16:28 - 00000000 __SHD () C:\Users\HP\AppData\Local\EmieUserList
2014-09-26 16:28 - 2014-09-26 16:28 - 00000000 __SHD () C:\Users\HP\AppData\Local\EmieSiteList
2014-09-26 16:19 - 2014-09-26 16:20 - 00003778 _____ () C:\Users\Lars.LARS\Documents\Dragon Age 2 1.04.log
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-26 20:43 - 2009-07-14 18:58 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-10-26 20:43 - 2009-07-14 18:58 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-10-26 20:43 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-26 20:42 - 2013-01-11 17:32 - 01404804 _____ () C:\Windows\WindowsUpdate.log
2014-10-26 20:39 - 2012-09-15 09:45 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-26 20:38 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-26 20:32 - 2009-07-14 05:45 - 00015104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-26 20:32 - 2009-07-14 05:45 - 00015104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-26 20:05 - 2011-03-15 21:25 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Skype
2014-10-26 20:05 - 2011-03-06 21:59 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Macromedia
2014-10-24 18:01 - 2013-01-31 18:42 - 00256748 _____ () C:\Users\Lars.LARS\Desktop\gmer.txt
2014-10-24 15:24 - 2014-09-23 17:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-24 15:21 - 2014-09-23 17:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-10-24 15:15 - 2014-09-23 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-10-24 15:15 - 2012-09-11 21:02 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-23 11:10 - 2014-02-13 21:00 - 00000099 _____ () C:\Users\Public\LMDebug.log
2014-10-22 16:43 - 2014-09-23 17:46 - 00000000 ____D () C:\Users\HP\AppData\Roaming\vlc
2014-10-20 15:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 09:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-17 09:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-17 01:34 - 2012-07-05 17:36 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-17 01:33 - 2009-07-14 05:45 - 00306432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 21:41 - 2011-03-18 23:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 21:39 - 2013-08-18 22:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 21:26 - 2011-02-26 16:29 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-01 14:05 - 2012-11-26 20:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-01 10:11 - 2014-09-23 17:49 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 10:11 - 2014-09-23 17:49 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 10:11 - 2012-07-27 10:45 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-30 23:11 - 2011-03-05 14:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-26 16:40 - 2011-02-26 15:28 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-09-26 16:39 - 2011-02-26 15:28 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-09-26 16:33 - 2011-03-16 08:01 - 00000000 ____D () C:\AMD
Some content of TEMP:
====================
C:\Users\HP\AppData\Local\temp\SkypeSetup.exe
C:\Users\Lars.LARS\AppData\Local\temp\Quarantine.exe
C:\Users\Lars.LARS\AppData\Local\temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2012-07-28 14:19
==================== End Of Log ============================
--- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2014
Ran by Lars at 2014-10-26 20:44:49
Running from C:\Users\HP\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Age of Empires II - The Conquerors - 1.0e Patch FINAL (HKLM-x32\...\Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1) (Version: 1.0e - tOrMeNtIuM/m0d)
Age of Empires II - the Conquerors WideScreen Patcher (HKLM-x32\...\{BA2F3EBC-FE07-4AB5-B906-14DF2C74C523}) (Version: 1.0.40 - Boekabart)
Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
AGEIA PhysX v7.11.13 (HKLM-x32\...\{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}) (Version: 7.11.13 - AGEIA Technologies, Inc.)
AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 2.4.595.9 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Audio 180% 7.5 (HKLM-x32\...\{82FEA187-116E-4CDA-A333-AB6ED22380C7}_is1) (Version: Audio 180% 7.5 - FRANZIS GmbH)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.3868 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Company of Heroes - FAKEMSI (x32 Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes (HKLM-x32\...\Company of Heroes) (Version: 2.602.0 - THQ Inc.)
Company of Heroes: Tales of Valor (HKLM-x32\...\Steam App 20540) (Version: - Relic)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Das Schwarze Auge (HKLM-x32\...\{9309441A-73B1-4A26-8A78-57E298DC2D02}) (Version: 1.0.0 - JoWood)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dell B1265dfw Mono MFP (HKLM-x32\...\Dell B1265dfw Mono MFP) (Version: 1.02 (20.03.2013) - Dell Inc.)
Dell B1265dfw Mono MFP Network PC Fax (x32 Version: 1.07.05 (05.03.2013) - Dell Inc.) Hidden
Dell B1265dfw Mono MFP Scan Assistant (x32 Version: 1.04.44.00 - Dell Inc.) Hidden
DeLorme Send To GPS 1.3 (HKLM\...\{0F60FD8E-3E58-4F8E-BF2C-DFA4C9987AE2}_is1) (Version: 1.3 - DeLorme Publishing)
Desktop Restore (HKLM\...\{15D07D6F-E4CC-41D9-88A3-94115E5E5A10}) (Version: 1.6.3 - JOConnell)
Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.04 - Electronic Arts, Inc.)
Drakensang - Am Fluss der Zeit (HKLM-x32\...\Drakensang_TRoT_is1) (Version: - dtp)
ElsterFormular für Privatanwender (HKLM-x32\...\ElsterFormular für Privatanwender 12.2.0.6412p) (Version: 12.2.0.6412p - Landesfinanzdirektion Thüringen)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
Free YouTube to MP3 Converter version 3.12.2.430 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.2.430 - DVDVideoSoft Ltd.)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Handset WinDriver 1.02.02.00 (HKLM-x32\...\Handset WinDriver) (Version: 1.02.02.00 - Huawei technologies Co., Ltd.)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hex-Editor MX (HKLM-x32\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft)
HP Product Detection (HKLM-x32\...\{42D10994-A566-495D-A5E7-D0C6B5C6B35C}) (Version: 11.14.0006 - HP)
HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6292.0 - IDT)
LightScribe System Software (HKLM-x32\...\{705B639E-FAAF-40D7-AD58-C445321C7C3F}) (Version: 1.18.18.1 - LightScribe)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MicroDicom 0.4.3 (HKLM-x32\...\MicroDicom) (Version: 0.4.3 - MicroDicom)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM-x32\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.1.1 - Mozilla)
Mozilla Thunderbird 31.1.2 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.1.2 (x86 de)) (Version: 31.1.2 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.4 - F.J. Wechselberger)
Paragon Backup & Recovery™ 2012 Free (HKLM-x32\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.210.0 - Tracker Software Products Ltd)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Sacred 2 (HKLM-x32\...\{1023383E-D9F6-478C-A965-23A4657B3C9A}) (Version: 2.0.2.0 - Ascaron Entertainment)
Sacred Underworld (HKLM-x32\...\Sacred Underworld_is1) (Version: - Ascaron Entertainment GmbH)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.15.0 - SAMSUNG Electronics Co., Ltd.)
Secunia PSI (3.0.0.3001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.3001 - Secunia)
Sins of a Solar Empire - Trinity (HKLM-x32\...\Sins of a Solar Empire - Trinity) (Version: 1.37.053 - Stardock Entertainment, Inc.)
Sins of a Solar Empire - Trinity (x32 Version: 1.37.053 - Stardock Entertainment) Hidden
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
UBitMenuDE (HKLM-x32\...\{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1) (Version: 01.04 - UBit Schweiz AG)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1445491938-3163146774-1667579322-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1445491938-3163146774-1667579322-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1445491938-3163146774-1667579322-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1445491938-3163146774-1667579322-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1445491938-3163146774-1667579322-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1445491938-3163146774-1667579322-1011_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1445491938-3163146774-1667579322-1011_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1445491938-3163146774-1667579322-1011_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1445491938-3163146774-1667579322-1011_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2012-10-02 18:52 - 00600511 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 abcstats.com
127.0.0.1 a.abv.bg
127.0.0.1 adserver.abv.bg
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 ca.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 achmedia.com
127.0.0.1 aconti.net
127.0.0.1 secure.aconti.net
127.0.0.1 www.aconti.net #[Dialer.Aconti]
127.0.0.1 csh.actiondesk.com
127.0.0.1 www.activemeter.com #[Tracking.Cookie]
127.0.0.1 ads.activepower.net
127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
127.0.0.1 cms.ad2click.nl
127.0.0.1 ad2games.com
127.0.0.1 ads.ad2games.com
127.0.0.1 content.ad20.net
127.0.0.1 core.ad20.net
127.0.0.1 banner.ad.nu
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {07E4E0A4-E07B-4630-87F7-A1729E9C5AC6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {1515B75A-8A11-4556-BB13-8FD4992C10AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2012-09-27] (Hewlett-Packard Company)
Task: {2FC2A96E-4932-4AB7-8041-DB9AE814DBA7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {7168B8CE-22DE-43DC-BA9F-AA29E5D22705} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-30] (Google Inc.)
Task: {7B289717-AF09-4DBF-B48F-81C0CB666FD0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {8CD55018-0CCC-4C16-9F6C-E7100759AAAE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-14] (AVAST Software)
Task: {9380B491-EFC9-4F5B-9792-A92164789C2B} - System32\Tasks\{9FD39F96-DA27-4571-90E8-96D426361700} => Firefox.exe hxxp://ui.skype.com/ui/0/5.3.0.111.259/de/abandoninstall?source=lightinstaller&page=tsDownload&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered
Task: {BB2111F9-B0E0-4378-8701-DCF198DF7ACE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {BB64613B-E148-4B28-9427-872D1315934B} - System32\Tasks\Stardock Central-S-1-5-21-1445491938-3163146774-1667579322-1000 => C:\Users\HP\AppData\Local\Stardock\StardockCentral\Stardock Central.exe [2012-10-24] (Stardock)
Task: {CF5B07FC-6820-45D4-B7A5-EE07E81EA77B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-17] (Adobe Systems Incorporated)
Task: {F1DEF122-F182-4603-B4D2-AE9BF964252B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-30] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-03-09 09:58 - 2012-03-09 09:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 09:58 - 2012-03-09 09:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2014-02-13 20:55 - 2012-12-05 12:41 - 00034304 _____ () C:\Windows\System32\sdb5mlm.dll
2014-02-13 20:55 - 2012-12-05 12:15 - 00034304 _____ () C:\Windows\System32\sdb5xlm.dll
2014-02-13 20:55 - 2013-02-22 11:05 - 01292800 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\sdb5mdu.dll
2014-08-14 19:24 - 2014-08-14 19:24 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-26 19:57 - 2014-10-26 19:57 - 02897920 _____ () C:\Program Files\AVAST Software\Avast\defs\14102600\algo.dll
2014-08-14 19:24 - 2014-08-14 19:24 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
HKU\S-1-5-21-1445491938-3163146774-1667579322-1000\Software\Classes\.exe: => <===== ATTENTION!
HKU\S-1-5-21-1445491938-3163146774-1667579322-1000\Software\Classes\exefile: <===== ATTENTION!
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: DpHost => 2
MSCONFIG\Services: HP Health Check Service => 2
MSCONFIG\Services: HPDrvMntSvc.exe => 2
MSCONFIG\Services: LightScribeService => 2
========================= Accounts: ==========================
Administrator (S-1-5-21-1445491938-3163146774-1667579322-500 - Administrator - Disabled)
coach (S-1-5-21-1445491938-3163146774-1667579322-1332 - Limited - Enabled)
Gast (S-1-5-21-1445491938-3163146774-1667579322-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-1445491938-3163146774-1667579322-1007 - Limited - Enabled)
HP (S-1-5-21-1445491938-3163146774-1667579322-1000 - Limited - Enabled) => C:\Users\HP
Lars (S-1-5-21-1445491938-3163146774-1667579322-1011 - Administrator - Enabled) => C:\Users\Lars.LARS
==================== Faulty Device Manager Devices =============
Name: Generic Bluetooth Adapter
Description: Generic Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: GenericAdapter
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (10/26/2014 08:39:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
StarOpen
Error: (10/26/2014 08:39:04 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183.
Error: (10/26/2014 08:39:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (10/26/2014 08:39:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SAS Core Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (10/26/2014 08:38:43 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2012-12-14 03:01:47.827
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume15\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-14 03:01:47.702
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume15\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-14 03:01:47.577
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume15\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-14 03:01:47.405
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume15\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-14 03:01:47.281
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume15\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-14 03:01:47.156
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume15\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-14 02:49:46.497
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume15\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-14 02:49:46.356
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume15\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-14 02:49:46.232
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume15\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-14 02:49:46.076
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume15\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz
Percentage of memory in use: 35%
Total physical RAM: 3005.86 MB
Available physical RAM: 1927.3 MB
Total Pagefile: 15004.04 MB
Available Pagefile: 13823.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:48.83 GB) (Free:14.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Musik, Fotos, Daten) (Fixed) (Total:316.96 GB) (Free:178.01 GB) NTFS
Drive e: (Spiele) (Fixed) (Total:99.88 GB) (Free:35.2 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: ADE44B09)
Partition 1: (Not Active) - (Size=100 MB) - (Type=17)
Partition 2: (Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=317 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=99.9 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Danke und einen schönen Abend! |
|
27.10.2014, 18:16
| #9 |
| /// the machine /// TB-Ausbilder | Windows 7: Malwarefund durch MalwarebytesESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
28.10.2014, 16:41
| #10 |
| | Windows 7: Malwarefund durch Malwarebytes So, hier sind die Logs: Die beiden Funde beim Eset-Onlinescanner liegen in einem Ordner, auf den ich seit Jahren nicht mehr bewusst zugegriffen habe, geschweige denn Zonealarm installiert hätte...  Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=abe54d2bb431c24eaad026eb7c5b4bd5
# engine=20810
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-28 10:19:06
# local_time=2014-10-28 11:19:06 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 88 2227961 27519633 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 40762841 166121396 0 0
# scanned=219218
# found=2
# cleaned=0
# scan_time=7867
sh=2D879ECEBDDC08340F81CDCF653D6E45FDD5C701 ft=1 fh=9458f5df85f9a402 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="D:\Alter Rechner\Downloads\NEU\zaSetup_92_102_000_en.exe"
sh=3E9C132E0E3CE20A88D25F8B13F4E30C016DBAC2 ft=1 fh=054a16d40353ce25 vn="Variante von Win32/AdInstaller evtl. unerwünschte Anwendung" ac=I fn="D:\Alter Rechner\Downloads\Sicherheit\ZoneAlarm\zlsSetup_70_483_000_en.exe"
Code:
ATTFilter Results of screen317's Security Check version 0.99.89
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
SpywareBlaster 5.0
Secunia PSI (3.0.0.3001)
Adobe Flash Player 15.0.0.152
Mozilla Firefox 32.0.3 Firefox out of Date!
Mozilla Thunderbird (31.1.2)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2014
Ran by Lars (administrator) on LARS on 28-10-2014 16:26:41
Running from C:\Users\HP\Desktop
Loaded Profiles: HP & Lars (Available profiles: HP & Lars & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Dell Inc) C:\Windows\System32\spool\drivers\x64\3\D1265wServer64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-14] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1445491938-3163146774-1667579322-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-1445491938-3163146774-1667579322-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-1445491938-3163146774-1667579322-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-1445491938-3163146774-1667579322-1011\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = about:blank
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Lars.LARS\AppData\Roaming\Mozilla\Firefox\Profiles\4oqzsymq.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @delorme.com/SendToGPS -> C:\Program Files (x86)\DeLorme\SendToGPS\nppnplugin.dll (DeLorme)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: NoScript - C:\Users\Lars.LARS\AppData\Roaming\Mozilla\Firefox\Profiles\4oqzsymq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-07-29]
FF Extension: Adblock Plus - C:\Users\Lars.LARS\AppData\Roaming\Mozilla\Firefox\Profiles\4oqzsymq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-29]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-13]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-14]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-14] (AVAST Software)
R2 Dell B1265dfw Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\D1265wServer64.exe [241152 2013-03-05] (Dell Inc) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-16] (Hewlett-Packard Company) [File not signed]
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia)
S2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [X]
S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-14] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-14] ()
S3 HWHandSet; C:\Windows\System32\DRIVERS\hw_quusbmdm.sys [223232 2011-10-24] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-24] (Malwarebytes Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2011-05-26] (Duplex Secure Ltd.)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon)
S3 USBMULCD; system32\drivers\CM10664.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-28 16:24 - 2014-10-28 16:24 - 00000883 _____ () C:\Users\HP\Desktop\checkup.txt
2014-10-28 16:22 - 2014-10-28 16:22 - 00000883 _____ () C:\Users\Lars.LARS\Desktop\checkup.txt
2014-10-28 16:07 - 2014-10-28 16:07 - 00854448 _____ () C:\Users\HP\Desktop\SecurityCheck.exe
2014-10-28 08:59 - 2014-10-28 08:59 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-28 08:58 - 2014-10-28 08:58 - 02347384 _____ (ESET) C:\Users\HP\Desktop\esetsmartinstaller_deu.exe
2014-10-26 20:44 - 2014-10-26 20:45 - 00030651 _____ () C:\Users\HP\Desktop\Addition.txt
2014-10-26 20:43 - 2014-10-28 16:26 - 00013773 _____ () C:\Users\HP\Desktop\FRST.txt
2014-10-26 20:43 - 2014-10-26 20:43 - 00000000 ____D () C:\Users\HP\Desktop\FRST-OlderVersion
2014-10-26 20:37 - 2014-10-26 20:37 - 00000624 _____ () C:\Users\Lars.LARS\Desktop\JRT.txt
2014-10-26 20:20 - 2014-10-26 20:20 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-26 20:18 - 2014-10-26 20:18 - 00000000 ____D () C:\Windows\ERUNT
2014-10-26 20:18 - 2014-10-26 20:17 - 01706144 _____ (Thisisu) C:\Users\HP\Desktop\JRT.exe
2014-10-26 20:17 - 2014-10-26 20:11 - 00008960 _____ () C:\Users\HP\Desktop\AdwCleaner[S0].txt
2014-10-26 20:05 - 2014-10-26 20:11 - 00000000 ____D () C:\AdwCleaner
2014-10-26 20:04 - 2014-10-26 20:04 - 01962496 _____ () C:\Users\HP\Desktop\AdwCleaner_4.001.exe
2014-10-25 16:44 - 2014-10-25 16:46 - 00000000 ____D () C:\PUP
2014-10-24 18:02 - 2014-10-24 18:02 - 00256748 _____ () C:\Users\HP\Desktop\gmer.txt
2014-10-24 17:48 - 2014-10-24 17:32 - 00002592 _____ () C:\Users\HP\Desktop\aswBoot.txt
2014-10-24 17:46 - 2014-10-24 17:46 - 00380416 _____ () C:\Users\HP\Desktop\Gmer-19357.exe
2014-10-24 17:45 - 2014-10-24 15:51 - 00003668 _____ () C:\Users\HP\Desktop\mbam-log-2014-10-24 (16-24-56).xml
2014-10-24 17:41 - 2014-10-28 16:26 - 00000000 ____D () C:\FRST
2014-10-24 17:40 - 2014-10-26 20:43 - 02113024 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2014-10-24 17:38 - 2014-10-24 17:38 - 00000522 _____ () C:\Users\HP\Desktop\defogger_disable.log
2014-10-24 17:36 - 2014-10-24 17:36 - 00050477 _____ () C:\Users\HP\Desktop\Defogger.exe
2014-10-21 14:59 - 2014-10-21 14:59 - 00000645 _____ () C:\Users\HP\Desktop\Musik.lnk
2014-10-16 21:28 - 2014-08-19 04:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-16 21:28 - 2014-08-19 04:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-16 21:28 - 2014-08-19 04:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-16 21:28 - 2014-08-19 04:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-16 21:28 - 2014-08-19 04:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-16 21:28 - 2014-08-19 04:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-16 21:28 - 2014-08-19 04:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-16 21:28 - 2014-08-19 04:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-16 21:28 - 2014-08-19 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-16 21:28 - 2014-08-19 04:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-16 21:28 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-16 21:28 - 2014-08-19 03:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-16 21:28 - 2014-08-19 03:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-16 21:28 - 2014-07-07 03:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-16 21:28 - 2014-07-07 03:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-16 21:28 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-16 21:28 - 2014-07-07 03:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-16 21:28 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-16 21:28 - 2014-07-07 03:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-16 21:28 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-16 21:28 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-16 21:28 - 2014-07-07 03:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-16 21:28 - 2014-07-07 03:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-16 21:28 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-16 21:28 - 2014-07-07 02:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-16 21:28 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-16 21:28 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-16 21:28 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-16 21:28 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-16 21:28 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-16 21:28 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-16 21:28 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-16 21:28 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-16 21:28 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-16 21:28 - 2014-06-28 01:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-16 21:28 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-16 21:28 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-16 21:27 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 21:27 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 21:27 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 21:27 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 21:27 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 21:27 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 21:27 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 21:27 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 21:27 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 21:27 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 21:27 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 21:27 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 21:27 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 21:27 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 21:26 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 21:26 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 21:26 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 21:26 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 21:26 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 21:26 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 21:26 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 21:26 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 21:26 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 21:26 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 21:26 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 21:26 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 21:26 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 21:26 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 21:26 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 21:26 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 21:26 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 21:26 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 21:26 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 21:26 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 21:26 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 21:26 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 21:26 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 21:26 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 21:26 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 21:26 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 21:26 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 21:26 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 21:26 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 21:26 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 21:26 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 21:26 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 21:26 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 21:26 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 21:26 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 21:26 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 21:26 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 21:26 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 21:26 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 21:26 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 21:26 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 21:26 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 18:53 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 18:53 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 18:53 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 18:53 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 18:53 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 18:53 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 18:53 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 18:48 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 18:48 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 18:48 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 18:48 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 18:48 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 18:48 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 18:48 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 18:48 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 18:48 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 18:48 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 18:48 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 18:48 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 18:48 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 18:48 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 18:48 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 18:48 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 18:48 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 18:48 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 18:48 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 18:48 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 18:48 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 18:48 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-01 14:12 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 14:12 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 22:13 - 2014-09-30 22:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-09-29 20:53 - 2014-09-29 20:53 - 00000146 _____ () C:\Users\HP\Desktop\Sound.lnk
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-28 16:08 - 2013-01-11 17:32 - 01459400 _____ () C:\Windows\WindowsUpdate.log
2014-10-28 09:01 - 2011-03-06 21:59 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Macromedia
2014-10-28 08:58 - 2011-03-15 21:25 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Skype
2014-10-28 08:52 - 2009-07-14 05:45 - 00015104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-28 08:52 - 2009-07-14 05:45 - 00015104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-28 08:49 - 2009-07-14 18:58 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-10-28 08:49 - 2009-07-14 18:58 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-10-28 08:49 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-28 08:45 - 2012-09-15 09:45 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-28 08:45 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-27 12:30 - 2012-07-05 17:36 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-24 18:01 - 2013-01-31 18:42 - 00256748 _____ () C:\Users\Lars.LARS\Desktop\gmer.txt
2014-10-24 15:24 - 2014-09-23 17:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-24 15:21 - 2014-09-23 17:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-10-24 15:15 - 2014-09-23 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-10-24 15:15 - 2012-09-11 21:02 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-23 11:10 - 2014-02-13 21:00 - 00000099 _____ () C:\Users\Public\LMDebug.log
2014-10-22 16:43 - 2014-09-23 17:46 - 00000000 ____D () C:\Users\HP\AppData\Roaming\vlc
2014-10-20 15:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 09:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-17 09:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-17 01:33 - 2009-07-14 05:45 - 00306432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 21:41 - 2011-03-18 23:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 21:39 - 2013-08-18 22:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 21:26 - 2011-02-26 16:29 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-01 14:05 - 2012-11-26 20:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-01 10:11 - 2014-09-23 17:49 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 10:11 - 2014-09-23 17:49 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 10:11 - 2012-07-27 10:45 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-30 23:11 - 2011-03-05 14:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2012-07-28 14:19
==================== End Of Log ============================
--- --- --- Der Laptop macht im Moment keine Schwierigkeiten. Ich nutze seit Neuestem Netflix und da stürzt mir öfter das Silverlight-Plugin ab, ich weiß aber nicht, ob es das ohnehin oft macht, habe da keinen Vergleich... |
|
29.10.2014, 08:46
| #11 |
| /// the machine /// TB-Ausbilder | Windows 7: Malwarefund durch Malwarebytes Netflix kenne ich gar nit. Ansonsten sind wir durch. Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
29.10.2014, 11:22
| #12 |
| | Windows 7: Malwarefund durch Malwarebytes Netflix ist ein VideoOnDemand-Portal, wenig aktuelle Filme, wenig sehenswerte Serien, braucht man also nicht kennen... Ich gebs zu, ich war in letzter Zeit etwas Updatefaul.  ...ich gelobe Besserung! Herzlichsten Dank für Deine Hilfe!  Viele Grüße und eine schöne Restwoche! Lars |
|
29.10.2014, 20:34
| #13 |
| /// the machine /// TB-Ausbilder | Windows 7: Malwarefund durch Malwarebytes Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Windows 7: Malwarefund durch Malwarebytes |
| abend, andere, anhänge, archiv, escan, feststellen, gen, guten, hänge, laptop, logdateien, malwarebyte, malwarebytes, malwarefund, schonmal, schwierigkeiten, stelle, system, veränderungen, windows, windows 7, zu lang |
Linear-Darstellung
