Log analysis and evaluation: Windows 7: Websites are redirected to advertising

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
01.04.2015, 23:37 | #1 |
| Windows 7: Websites are redirected to advertising

Hello, I'm new here (on the recommendation of my PC-savvy sister) and have the following problem:

- Since I updated Flash Player today, Firefox has been opening masses of websites.
- My virus scanner (current Bitdefender version) reports warnings in even greater numbers (e.g. 2 minutes of browsing => approx. 30 new alerts).
- The text is roughly "Infected website found" and, on clicking, "The website ... is infected with malware. The website was blocked by the malware filter and is safe again".
- I downloaded Malwarebytes and ran it. The result was approx. 200 detected objects. Stupidly, I did not save a log (if there even was an option for that - I had not paid attention).
- I then removed Malwarebytes, installed it again and scanned - no objects were detected any more.
- Flash Player was removed with Revo Uninstaller; the problem remained.
- Bitdefender also identified a Microsoft Framework 4.5.2 upgrade language pack as a vulnerability and recommended that I install upgrades. That took forever and was aborted. I will now - finally - get some sleep and let this upgrade run overnight.
- I have attached Defogger, FRST and Addition (hopefully correctly, I'm no PC specialist); for GMER I would have to write 3 posts, since mine has 294198 characters. Here I would rather wait and see what my helper suggests.

I would be glad if the problem can be solved without buying a new computer (here: a laptop). Many thanks (also for pointers on a possibly more correct procedure here) and kind regards, Matty33 |
02.04.2015, 00:00 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Websites are redirected to advertising

Hi and
__________________
Please do not attach logs; if necessary, split them and post them spread over several postings

Reading material: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs should be too large for one post, I ask you to post the logs directly and, if necessary, spread over several posts. To put the log files into a CODE box, proceed as follows:
__________________ |
02.04.2015, 04:28 | #3 |
| Logs, spread across postings I

Thanks!
__________________
So here are my logs, embedded in text and hash signs: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:41 on 01/04/2015 (Maddäs)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Corporation) C:\Windows\system32\shell32.dll 2015-03-11 18:11 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 18:11 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-11 18:11 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-11 18:11 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-11 18:11 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-11 18:11 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-11 18:11 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-11 18:11 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-11 18:11 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-11 18:11 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-11 18:11 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-11 18:11 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-11 18:11 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-11 18:11 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-11 18:11 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-11 18:11 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ubpm.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-03-11 18:11 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-03-11 18:11 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-03-11 18:11 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-03-11 18:11 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-03-11 18:11 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-03-11 18:11 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-11 18:11 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-11 18:10 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 18:10 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 18:10 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-11 18:10 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 18:10 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-11 18:10 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-11 18:10 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 
2015-03-11 18:10 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 18:10 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 18:10 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 18:10 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 18:10 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 18:10 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 18:10 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 18:10 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 18:10 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 18:10 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 18:10 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 18:10 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 18:10 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 18:10 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 18:10 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 18:10 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 18:10 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 18:10 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 18:10 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 18:10 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 18:10 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 18:10 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 18:10 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 18:10 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 18:10 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 18:10 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 18:10 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 18:10 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 18:10 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 18:10 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 18:10 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 18:10 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 18:10 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 18:10 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 18:10 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 18:10 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 18:10 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 18:10 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 18:10 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 18:10 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 18:10 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 18:10 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 18:10 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 18:10 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 18:10 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 18:10 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 18:10 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 18:10 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 18:10 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 18:10 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 18:10 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 18:10 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 18:10 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 18:10 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 18:10 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 18:10 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-01 22:28 - 2012-02-25 23:26 - 01088575 _____ () C:\Windows\WindowsUpdate.log
2015-04-01 22:27 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-01 22:27 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-01 22:25 - 2012-02-26 08:15 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2015-04-01 22:25 - 2012-02-26 08:15 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2015-04-01 22:25 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-01 22:19 - 2013-09-05 05:25 - 00079082 _____ () C:\Windows\setupact.log
2015-04-01 22:19 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-01 22:18 - 2013-09-12 14:42 - 00202908 _____ () C:\Windows\PFRO.log
2015-04-01 22:18 - 2011-10-27 14:02 - 00000000 ____D () C:\Windows\th
2015-04-01 22:16 - 2014-10-13 06:32 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-04-01 22:16 - 2013-05-04 15:57 - 00000000 ____D () C:\Windows\SysWOW64\WNLT
2015-04-01 22:16 - 2013-05-04 15:57 - 00000000 ____D () C:\Windows\SysWOW64\ARFC
2015-04-01 22:05 - 2013-04-19 05:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-01 20:56 - 2014-10-17 15:21 - 00000000 ____D () C:\Users\Maddäs\AppData\Local\Adobe
2015-04-01 20:55 - 2013-04-19 05:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-01 20:55 - 2012-07-08 17:31 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-01 20:55 - 2011-10-27 14:12 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-01 20:14 - 2012-09-10 20:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-01 20:04 - 2014-02-25 22:29 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-01 19:47 - 2012-09-10 20:10 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-31 20:12 - 2012-07-14 07:00 - 00000000 ____D () C:\Users\Maddäs\Desktop\Karin
2015-03-29 19:16 - 2012-07-14 06:58 - 00000000 ____D () C:\Users\Maddäs\Desktop\Spielerunde
2015-03-26 04:03 - 2014-12-11 03:00 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 04:03 - 2014-05-06 12:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-25 06:02 - 2012-08-22 19:32 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2015-03-24 22:23 - 2014-04-28 14:58 - 00001119 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2015-03-24 22:23 - 2012-08-22 19:32 - 00001069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-03-17 18:34 - 2014-11-04 18:51 - 00000000 ____D () C:\Users\Maddäs\dwhelper
2015-03-15 20:58 - 2014-10-31 14:59 - 00000000 ____D () C:\Users\Maddäs\Desktop\Persönliches
2015-03-15 10:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-13 21:56 - 2015-03-01 11:41 - 00000000 ____D () C:\Users\Maddäs\Desktop\Schnuckel-Verkauf
2015-03-12 06:09 - 2009-07-14 06:45 - 00366120 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 06:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 06:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 23:50 - 2012-08-16 08:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 23:44 - 2013-08-14 08:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 23:37 - 2013-03-21 06:12 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-06 22:22 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======
2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\Maddäs\AppData\Roaming\V483t6QIzT4Ib7XPH9
2012-07-09 19:36 - 2012-07-09 19:36 - 0000094 _____ () C:\Users\Maddäs\AppData\Local\fusioncache.dat
2012-07-07 19:10 - 2012-07-07 19:10 - 0017408 _____ () C:\Users\Maddäs\AppData\Local\WebpageIcons.db
2014-11-08 17:10 - 2014-11-08 17:10 - 1096324 _____ () C:\ProgramData\1415456962.bdinstall.bin
2012-02-25 23:39 - 2012-02-25 23:42 - 0015230 _____ () C:\ProgramData\ArcadeDeluxe5.log
2012-09-22 08:11 - 2012-09-22 08:12 - 0000033 _____ () C:\ProgramData\PS.log

Some content of TEMP:
====================
C:\Users\Maddäs\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Maddäs\AppData\Local\Temp\ReiSysUpdate.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-25 06:51

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Maddäs at 2015-04-01 23:03:51
Running from C:\Users\Maddäs\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0530.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.)
Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
Bitdefender Internet Security 2015 (HKLM\...\Bitdefender) (Version: 18.17.0.1227 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite DCP-195C (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
FLV Player 2.0 (build 25) (HKLM-x32\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0 (x86 de)) (Version: 37.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9002 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden
OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Photomatix Pro version 4.0.2 (HKLM-x32\...\PhotomatixPro4.0x32_is1) (Version: 4.0.2 - HDRsoft Sarl)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.1.4 - Reimage) <==== ATTENTION
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
SweetIM for Messenger 3.7 (x32 Version: 3.7.0007 - SweetIM Technologies Ltd.) Hidden <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.17.5 - Synaptics Incorporated)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points ========================= 05-03-2015 20:32:04 Geplanter Prüfpunkt 11-03-2015 23:33:40 Windows Update 19-03-2015 23:48:18 Geplanter Prüfpunkt 25-03-2015 21:24:30 Windows Update 01-04-2015 19:51:42 Revo Uninstaller's restore point - Adobe Flash Player 17 NPAPI 01-04-2015 19:54:55 Revo Uninstaller's restore point - Adobe Flash Player 16 ActiveX 01-04-2015 19:59:32 Windows Update 01-04-2015 20:26:43 Windows Update 01-04-2015 22:21:52 Revo Uninstaller's restore point - Malwarebytes Anti-Malware Version 2.1.4.1018 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {08D16BC6-2B4C-4DE2-8C48-5EA26DDDBC9E} - System32\Tasks\new_game_updating_service => C:\Program Files (x86)\new game\new_game_updating_service.exe [2015-04-01] () Task: {3D3057BA-82BA-4227-A985-98C4847EB91C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {4D1AFFDC-54A0-4AA5-A805-369E7249E20F} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-01-14] (Reimage®) <==== ATTENTION Task: {4EF3FA61-6E01-4D25-98D5-0434373E5C3C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {611B8D2C-0E0B-41C9-886B-F77B5D415FC0} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2015-03-16] (Reimage ltd.) 
<==== ATTENTION Task: {78CBDA9A-4B07-4400-B7D5-7AF1D37750B2} - \new_game_notification_service No Task File <==== ATTENTION Task: {86063057-714F-49BA-890D-35D6CA58F967} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-29] (Egis Technology Inc.) Task: {B0414489-3A0B-4943-8AD9-9B629BB5C3A8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd) Task: {B7923AFF-F1B6-4C53-85D7-191AABC14559} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-29] (Egis Technology Inc.) Task: {FCBADC99-BB74-4424-A548-BBD88CB3F5F5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-01] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\new_game_updating_service.job => C:\Program Files (x86)\new game\new_game_updating_service.exe© /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=new_game_updating_service /funurl=http:/stats.buildomserv.com Task: C:\Windows\Tasks\V483t6QIzT4Ib7XPH9.job => C:\Users\Maddýÿs\AppData\Roaming\V483t6QIzT4Ib7XPH9.exe ==================== Loaded Modules (whitelisted) ============== 2014-11-08 16:56 - 2014-08-27 17:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll 2014-11-08 16:56 - 2013-09-03 15:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll 2014-11-08 16:56 - 2014-10-15 13:08 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui 2014-11-08 16:56 - 2012-10-29 15:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll 2015-02-06 15:26 - 2015-02-06 15:26 - 00784712 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00050_002\ashttpbr.mdl 2015-02-06 15:26 - 2015-02-06 15:26 - 00573544 
_____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00050_002\ashttpdsp.mdl 2015-02-06 15:26 - 2015-02-06 15:26 - 02657264 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00050_002\ashttpph.mdl 2015-02-06 15:26 - 2015-02-06 15:26 - 01331648 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00050_002\ashttprbl.mdl 2015-01-14 12:07 - 2015-01-14 12:07 - 06757728 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe 2011-10-27 14:06 - 2011-08-09 01:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-01-12 17:43 - 2012-09-25 12:26 - 01163264 ____N () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe 2015-01-20 17:53 - 2015-02-24 19:24 - 00471056 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdidntconp.dll 2015-01-20 17:52 - 2015-02-24 19:25 - 00188416 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\ui\bdidntconp.ui 2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2011-04-24 03:29 - 2011-04-24 03:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2011-04-24 03:29 - 2011-04-24 03:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2011-04-24 03:29 - 2011-04-24 03:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll 2014-01-12 17:41 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2015-04-01 20:55 - 2015-04-01 20:55 - 16858288 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
AlternateDataStreams: C:\Users\Maddäs\Downloads\ConvertHelperSetup.exe:BDU AlternateDataStreams: C:\Users\Maddäs\Downloads\driverscanner.exe:BDU AlternateDataStreams: C:\Users\Maddäs\Downloads\Firefox - CHIP-Installer(2).exe:BDU AlternateDataStreams: C:\Users\Maddäs\Downloads\FRST64.exe:BDU AlternateDataStreams: C:\Users\Maddäs\Downloads\mbam-setup-2.1.4.1018.exe:BDU AlternateDataStreams: C:\Users\Maddäs\Downloads\PDFCreator-1_7_2_setup.exe:BDU ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1050519430-933015278-2871175751-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Maddäs\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: AxInstSV => 3 MSCONFIG\Services: BBSvc => 3 MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe ==================== Accounts: ============================= Administrator (S-1-5-21-1050519430-933015278-2871175751-500 - Administrator - Disabled) Gast (S-1-5-21-1050519430-933015278-2871175751-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1050519430-933015278-2871175751-1002 - Limited - Enabled) Maddäs (S-1-5-21-1050519430-933015278-2871175751-1001 - Administrator - Enabled) => C:\Users\Maddäs ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/01/2015 10:20:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/01/2015 09:08:06 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/01/2015 08:16:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/01/2015 08:12:02 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm DllHost.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 12bc Startzeit: 01d06ca56f04967f Endzeit: 0 Anwendungspfad: C:\Windows\system32\DllHost.exe Berichts-ID: Error: (04/01/2015 07:26:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/01/2015 06:46:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.4.5557, Zeitstempel: 0x550d0883 Name des fehlerhaften Moduls: mozalloc.dll, Version: 36.0.4.5557, Zeitstempel: 0x550cfa82 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001e02 ID des fehlerhaften Prozesses: 0x103c Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (04/01/2015 05:14:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/01/2015 05:01:27 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/31/2015 04:22:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/31/2015 05:17:51 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (04/01/2015 10:19:34 PM) (Source: Service 
Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Bitdefender Virus Shield" wurde nicht richtig gestartet. Error: (04/01/2015 10:17:37 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (04/01/2015 09:07:36 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Bitdefender Virus Shield" wurde nicht richtig gestartet. Error: (04/01/2015 09:05:42 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (04/01/2015 08:13:53 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (04/01/2015 07:25:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Bitdefender Virus Shield" wurde nicht richtig gestartet. Error: (04/01/2015 05:14:04 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Bitdefender Virus Shield" wurde nicht richtig gestartet. Error: (04/01/2015 05:39:41 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (03/31/2015 08:49:06 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error: (03/31/2015 04:22:18 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Bitdefender Virus Shield" wurde nicht richtig gestartet. 
Microsoft Office Sessions: ========================= Error: (04/01/2015 10:20:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/01/2015 09:08:06 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/01/2015 08:16:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/01/2015 08:12:02 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: DllHost.exe6.1.7600.1638512bc01d06ca56f04967f0C:\Windows\system32\DllHost.exe Error: (04/01/2015 07:26:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/01/2015 06:46:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe36.0.4.5557550d0883mozalloc.dll36.0.4.5557550cfa828000000300001e02103c01d06c9023e8cf5eC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll9f861054-d88e-11e4-af68-e840f25b43b7 Error: (04/01/2015 05:14:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/01/2015 05:01:27 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND 
TargetInstance.LoadPercentage > 990x80041003 Error: (03/31/2015 04:22:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/31/2015 05:17:51 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2013-11-08 09:54:48.720 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-08 09:54:48.710 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-08 09:54:48.710 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-08 09:54:48.680 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-08 09:54:48.680 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-11-08 09:54:48.670 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-07 10:58:26.715 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-07 10:58:26.715 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-07 10:58:26.705 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-07 10:58:26.685 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 69%
Total physical RAM: 3764.86 MB
Available physical RAM: 1161.11 MB
Total Pagefile: 7527.91 MB
Available Pagefile: 4273.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:284.49 GB) (Free:84.96 GB) NTFS
Drive j: () (Removable) (Total:0.47 GB) (Free:0.45 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2B7B485D)
Partition 1: (Not Active) - (Size=13.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=284.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 483.9 MB) (Disk ID: 00000000)
Partition: GPT Partition Type.

==================== End Of Log ============================
02.04.2015, 04:38 | #4 |
| Windows 7: Websites are redirected to advertising
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Maddäs (administrator) on MADDÄS-PC on 01-04-2015 23:02:52
Running from C:\Users\Maddäs\Downloads
Loaded Profiles: Maddäs (Available profiles: Maddäs)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.)
C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Intel Corporation) C:\Windows\System32\igfxext.exe () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Brother Industries, Ltd.) 
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2723624 2011-03-28] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor) HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1689576 2015-02-24] (Bitdefender) HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.) HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.) HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] () HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-1050519430-933015278-2871175751-1001\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-02-24] (Bitdefender) HKU\S-1-5-21-1050519430-933015278-2871175751-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [456224 2010-07-29] () HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:51411;https=127.0.0.1:51411 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-1050519430-933015278-2871175751-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: 
HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1050519430-933015278-2871175751-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1050519430-933015278-2871175751-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1050519430-933015278-2871175751-1001 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/?a=6PR9UIyGur&loc=skw&search={searchTerms} BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.) Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-24] (Bitdefender) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.) 
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll [2013-04-08] (pdfforge GmbH)
Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-24] (Bitdefender)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547
FF Homepage: www.spielbox.de
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-01] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-01] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-05-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: 551f29203c1911e1b86c0800200c9a66jetpack - C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547\Extensions\551f2920-3c19-11e1-b86c-0800200c9a66@jetpack [2015-04-01]
FF Extension: NetVideoHunter - C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547\Extensions\netvideohunter@netvideohunter.com [2015-03-04]
FF Extension: new game - C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547\Extensions\QqftOZ@gmail.com [2015-04-01]
FF Extension: ProxTube - C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547\Extensions\ich@maltegoetz.de.xpi [2014-09-30]
FF Extension: Video DownloadHelper - C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-15]
FF Extension: Adblock Plus - C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-11]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-11-08]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-03-26]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-11-08]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2015-01-20] (Bitdefender)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7410024 2015-01-14] (Reimage®)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-11-24] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-02-24] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-02-24] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [262544 2015-02-24] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-02-24] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2015-02-24] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-02-24] (BitDefender SRL)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [155912 2015-01-20] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-11-24] (BitDefender S.R.L.)
S3 cpuz134; \??\C:\Users\MADDS~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 23:02 - 2015-04-01 23:03 - 00017922 _____ () C:\Users\Maddäs\Downloads\FRST.txt
2015-04-01 22:51 - 2015-04-01 23:02 - 00000000 ____D () C:\FRST
2015-04-01 22:48 - 2015-04-01 22:48 - 02095616 _____ (Farbar) C:\Users\Maddäs\Downloads\FRST64.exe
2015-04-01 22:35 - 2015-04-01 22:35 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-01 22:35 - 2015-04-01 22:35 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-01 22:35 - 2015-04-01 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-04-01 22:35 - 2015-04-01 22:35 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-04-01 22:35 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-01 22:35 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-01 22:35 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-01 21:51 - 2015-04-01 21:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-01 21:50 - 2015-04-01 21:50 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Maddäs\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-01 21:27 - 2015-04-01 21:27 - 00003440 _____ () C:\Windows\System32\Tasks\Reimage Reminder
2015-04-01 21:26 - 2015-04-01 21:27 - 00000000 ____D () C:\rei
2015-04-01 21:26 - 2015-04-01 21:27 - 00000000 ____D () C:\ProgramData\Reimage Protector
2015-04-01 21:26 - 2015-04-01 21:26 - 00004278 _____ () C:\Windows\System32\Tasks\ReimageUpdater
2015-04-01 21:26 - 2015-04-01 21:26 - 00001905 _____ () C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2015-04-01 21:26 - 2015-04-01 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2015-04-01 21:26 - 2015-04-01 21:26 - 00000000 ____D () C:\Program Files\Reimage
2015-04-01 21:25 - 2015-04-01 21:27 - 00000156 _____ () C:\Windows\Reimage.ini
2015-04-01 19:47 - 2015-04-01 19:47 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-01 19:43 - 2015-04-01 19:43 - 01203488 _____ () C:\Users\Maddäs\Downloads\Firefox - CHIP-Installer(2).exe
2015-04-01 18:46 - 2015-04-01 22:20 - 00000666 _____ () C:\Windows\Tasks\new_game_updating_service.job
2015-04-01 18:46 - 2015-04-01 19:28 - 00000000 ____D () C:\Program Files (x86)\new game
2015-04-01 18:46 - 2015-04-01 18:46 - 00003694 _____ () C:\Windows\System32\Tasks\new_game_updating_service
2015-04-01 18:46 - 2015-04-01 18:46 - 00001012 _____ () C:\Windows\Tasks\V483t6QIzT4Ib7XPH9.job
2015-03-31 10:14 - 2015-03-31 10:14 - 00004387 _____ () C:\Users\Maddäs\AppData\Roaming\V483t6QIzT4Ib7XPH9
2015-03-28 15:29 - 2015-03-28 15:29 - 08843007 _____ () C:\Users\Maddäs\Downloads\Female MMA Fight Jessica Sanchez vs Felice Herrig 2013.mp4
2015-03-28 15:28 - 2015-03-28 15:31 - 317098048 _____ () C:\Users\Maddäs\Downloads\WXC 44 Independence Christianna Daniels vs Lauren Foley Womens MMA.mp4
2015-03-25 20:14 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 20:14 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 20:14 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 20:14 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 20:14 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 20:14 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 20:14 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 20:14 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-23 06:10 - 2015-03-23 06:10 - 12039986 _____ 
() C:\Users\Maddäs\Downloads\Furious 7 Movie CLIP - Girl Fight (2015) - Vin Diesel, Michelle Rodriquez Movie HD - YouTube.mp4 2015-03-23 05:59 - 2015-03-23 05:59 - 28268463 _____ () C:\Users\Maddäs\Downloads\春山ちえり VS 羽柴まゆみ キャットファイト - YouTube.mp4 2015-03-22 20:41 - 2015-04-01 19:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-11 18:12 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-11 18:12 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-11 18:12 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 18:12 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-11 18:12 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-03-11 18:12 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-11 18:12 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-03-11 18:12 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-03-11 18:12 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 18:12 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-11 18:12 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 18:12 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-03-11 18:12 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-11 18:12 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-03-11 18:12 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-11 18:12 - 2015-02-03 
05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) 
C:\Windows\system32\audiosrv.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-11 18:12 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-11 18:12 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-11 18:12 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-11 18:12 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-11 18:12 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-11 18:12 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-11 18:12 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-03-11 18:12 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-03-11 18:12 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\wmp.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-03-11 
18:12 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-03-11 18:12 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-03-11 18:12 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-11 18:11 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-11 18:11 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-11 18:11 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-11 18:11 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-11 18:11 - 2015-03-06 
07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-11 18:11 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-11 18:11 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-11 18:11 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-03-11 18:11 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-03-11 18:11 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-03-11 18:11 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-03-11 18:11 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-03-11 18:11 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-03-11 18:11 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-11 18:11 - 2015-02-13 07:22 - 14177280 _____ (Microsoft 
Corporation) C:\Windows\system32\shell32.dll 2015-03-11 18:11 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 18:11 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-11 18:11 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-11 18:11 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-11 18:11 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-11 18:11 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-11 18:11 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-11 18:11 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-11 18:11 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-11 18:11 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-11 18:11 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-11 18:11 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-11 18:11 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-11 18:11 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-11 18:11 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-11 18:11 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ubpm.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-03-11 18:11 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-03-11 18:11 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-03-11 18:11 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-03-11 18:11 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-03-11 18:11 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-03-11 18:11 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-11 18:11 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-11 18:10 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 18:10 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 18:10 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-11 18:10 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 18:10 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-11 18:10 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-11 18:10 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 
2015-03-11 18:10 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-11 18:10 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 18:10 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-11 18:10 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 18:10 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-11 18:10 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-11 18:10 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 18:10 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-11 18:10 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 18:10 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-11 18:10 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 18:10 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-11 18:10 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-11 18:10 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-11 18:10 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-11 18:10 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-11 18:10 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 18:10 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) 
C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-11 18:10 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-11 18:10 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 18:10 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-11 18:10 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-11 18:10 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-11 18:10 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-11 18:10 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-03-11 18:10 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-11 18:10 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 18:10 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-11 18:10 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-11 18:10 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-11 18:10 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-03-11 18:10 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-03-11 18:10 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-03-11 18:10 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 18:10 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-11 18:10 - 2015-02-20 03:47 - 01359360 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-11 18:10 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 18:10 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 18:10 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-03-11 18:10 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-11 18:10 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-11 18:10 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 18:10 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-11 18:10 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-11 18:10 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-03-11 18:10 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 18:10 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-11 18:10 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-11 18:10 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-11 18:10 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-11 18:10 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 18:10 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-11 18:10 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 18:10 - 2015-02-03 05:12 - 01230848 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 18:10 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 18:10 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 22:28 - 2012-02-25 23:26 - 01088575 _____ () C:\Windows\WindowsUpdate.log
2015-04-01 22:27 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-01 22:27 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-01 22:25 - 2012-02-26 08:15 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2015-04-01 22:25 - 2012-02-26 08:15 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2015-04-01 22:25 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-01 22:19 - 2013-09-05 05:25 - 00079082 _____ () C:\Windows\setupact.log
2015-04-01 22:19 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-01 22:18 - 2013-09-12 14:42 - 00202908 _____ () C:\Windows\PFRO.log
2015-04-01 22:18 - 2011-10-27 14:02 - 00000000 ____D () C:\Windows\th
2015-04-01 22:16 - 2014-10-13 06:32 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-04-01 22:16 - 2013-05-04 15:57 - 00000000 ____D () C:\Windows\SysWOW64\WNLT
2015-04-01 22:16 - 2013-05-04 15:57 - 00000000 ____D () C:\Windows\SysWOW64\ARFC
2015-04-01 22:05 - 2013-04-19 05:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-01 20:56 - 2014-10-17 15:21 - 00000000 ____D () C:\Users\Maddäs\AppData\Local\Adobe
2015-04-01 20:55 - 2013-04-19 05:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-01 20:55 - 2012-07-08 17:31 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-01 20:55 - 2011-10-27 14:12 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-01 20:14 - 2012-09-10 20:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-01 20:04 - 2014-02-25 22:29 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-01 19:47 - 2012-09-10 20:10 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-31 20:12 - 2012-07-14 07:00 - 00000000 ____D () C:\Users\Maddäs\Desktop\Karin
2015-03-29 19:16 - 2012-07-14 06:58 - 00000000 ____D () C:\Users\Maddäs\Desktop\Spielerunde
2015-03-26 04:03 - 2014-12-11 03:00 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 04:03 - 2014-05-06 12:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-25 06:02 - 2012-08-22 19:32 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2015-03-24 22:23 - 2014-04-28 14:58 - 00001119 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2015-03-24 22:23 - 2012-08-22 19:32 - 00001069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-03-17 18:34 - 2014-11-04 18:51 - 00000000 ____D () C:\Users\Maddäs\dwhelper
2015-03-15 20:58 - 2014-10-31 14:59 - 00000000 ____D () C:\Users\Maddäs\Desktop\Persönliches
2015-03-15 10:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-13 21:56 - 2015-03-01 11:41 - 00000000 ____D () C:\Users\Maddäs\Desktop\Schnuckel-Verkauf
2015-03-12 06:09 - 2009-07-14 06:45 - 00366120 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 06:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 06:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 23:50 - 2012-08-16 08:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 23:44 - 2013-08-14 08:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 23:37 - 2013-03-21 06:12 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-06 22:22 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\Maddäs\AppData\Roaming\V483t6QIzT4Ib7XPH9
2012-07-09 19:36 - 2012-07-09 19:36 - 0000094 _____ () C:\Users\Maddäs\AppData\Local\fusioncache.dat
2012-07-07 19:10 - 2012-07-07 19:10 - 0017408 _____ () C:\Users\Maddäs\AppData\Local\WebpageIcons.db
2014-11-08 17:10 - 2014-11-08 17:10 - 1096324 _____ () C:\ProgramData\1415456962.bdinstall.bin
2012-02-25 23:39 - 2012-02-25 23:42 - 0015230 _____ () C:\ProgramData\ArcadeDeluxe5.log
2012-09-22 08:11 - 2012-09-22 08:12 - 0000033 _____ () C:\ProgramData\PS.log

Some content of TEMP:
====================
C:\Users\Maddäs\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Maddäs\AppData\Local\Temp\ReiSysUpdate.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-25 06:51

==================== End Of Log ============================ |
02.04.2015, 04:39 | #5 |
| Windows 7: Web pages are redirected to advertising
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-01 23:38:28
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\MADDS~1\AppData\Local\Temp\pxdiypob.sys

---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\svchost.exe[1356] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007feff974ea1 11 bytes [B8, 79, F3, 0E, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1356] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff9755c8 12 bytes [48, B8, B9, 6C, 0E, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1356] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff98b85c 12 bytes [48, B8, F9, 6A, 0E, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1356] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff98b9d0 12 bytes [48, B8, 79, 60, 0E, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1356] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff98ba3c 12 bytes [48, B8, B9, 5E, 0E, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1356] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff5013b1 11 bytes [B8, 79, A6, 0E, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1356] C:\Windows\system32\WS2_32.dll!closesocket 000007feff5018e0 12 bytes [48, B8, B9, A4, 0E, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1356] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff501bd1 11 bytes [B8, F9, A2, 0E, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1356] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff502201 11 bytes [B8, 39, E0, 0E, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1356] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff5023c0 12 bytes [48, B8, 39, 8C, 0E, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1356] C:\Windows\system32\WS2_32.dll!connect 000007feff5045c0 12 bytes [48, B8, 79, 67, 0E, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1356] C:\Windows\system32\WS2_32.dll!send + 1 000007feff508001 11 bytes [B8, 39, A1, 0E, 76, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[1356] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff508df0 7 bytes [48, B8, B9, 8F, 0E, 76, 00] .text C:\Windows\system32\svchost.exe[1356] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff508df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[1356] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff50c090 12 bytes [48, B8, F9, 8D, 0E, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1356] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff50de91 11 bytes [B8, 39, D9, 0E, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1356] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff50df41 11 bytes [B8, 79, DE, 0E, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1356] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff52e0f1 11 bytes [B8, B9, DC, 0E, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1620] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff5013b1 11 bytes [B8, 79, A6, 0E, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1620] C:\Windows\system32\WS2_32.dll!closesocket 000007feff5018e0 12 bytes [48, B8, B9, A4, 0E, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1620] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff501bd1 11 bytes [B8, F9, A2, 0E, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1620] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff502201 11 bytes [B8, 39, E0, 0E, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1620] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff5023c0 12 bytes [48, B8, 39, 8C, 0E, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1620] C:\Windows\system32\WS2_32.dll!connect 000007feff5045c0 12 bytes [48, B8, 79, 67, 0E, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1620] C:\Windows\system32\WS2_32.dll!send + 1 000007feff508001 11 bytes [B8, 39, A1, 0E, 76, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[1620] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff508df0 7 bytes [48, B8, B9, 8F, 0E, 76, 00] .text C:\Windows\system32\svchost.exe[1620] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff508df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[1620] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff50c090 12 bytes [48, B8, F9, 8D, 0E, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1620] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff50de91 11 bytes [B8, 39, D9, 0E, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1620] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff50df41 11 bytes [B8, 79, DE, 0E, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1620] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff52e0f1 11 bytes [B8, B9, DC, 0E, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1832] C:\Windows\System32\DNSAPI.dll!DnsQuery_UTF8 000007fefcc756e0 12 bytes [48, B8, F9, C5, 0E, 76, 00, ...] .text C:\Windows\System32\spoolsv.exe[1832] C:\Windows\System32\DNSAPI.dll!DnsQuery_W 000007fefcc8010c 12 bytes [48, B8, 39, C4, 0E, 76, 00, ...] .text C:\Windows\System32\spoolsv.exe[1832] C:\Windows\System32\DNSAPI.dll!DnsQuery_A 000007fefcc9daa0 12 bytes [48, B8, 79, C2, 0E, 76, 00, ...] 
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000778892d1 5 bytes [B8, 39, 69, 0E, 76] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000778892d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000778a1330 6 bytes [48, B8, B9, EA, 0E, 76] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000778a1338 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778a13a0 6 bytes [48, B8, 39, BD, 0E, 76] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000778a13a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778a1470 6 bytes [48, B8, F9, A9, 0E, 76] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000778a1478 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778a1510 6 bytes [48, B8, F9, 32, 0E, 76] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000778a1518 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000778a1530 6 bytes [48, B8, 39, 1C, 0E, 76] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000778a1538 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000778a1550 6 bytes [48, B8, F9, 1D, 0E, 76] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000778a1558 4 bytes [00, 00, 50, C3] .text 
C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778a1570 6 bytes [48, B8, 39, A8, 0E, 76] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000778a1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778a1620 6 bytes [48, B8, 39, E7, 0E, 76] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000778a1628 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778a1650 6 bytes [48, B8, 79, 2F, 0E, 76] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000778a1658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778a1670 6 bytes [48, B8, 79, 36, 0E, 76] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000778a1678 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000778a1700 6 bytes [48, B8, B9, 34, 0E, 76] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000778a1708 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778a1750 6 bytes [48, B8, 79, EC, 0E, 76] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000778a1758 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000778a1780 6 bytes [48, B8, 39, 2A, 0E, 76] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000778a1788 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1864] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778a1790 6 bytes [48, B8, B9, 26, 0E, 76] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000778a1798 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778a1800 6 bytes [48, B8, F9, E8, 0E, 76] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000778a1808 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000778a18b0 6 bytes [48, B8, F9, EF, 0E, 76] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000778a18b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778a1c80 6 bytes [48, B8, 79, E5, 0E, 76] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000778a1c88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000778a1cd0 6 bytes [48, B8, 79, 28, 0E, 76] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000778a1cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778a1d30 6 bytes [48, B8, F9, 24, 0E, 76] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000778a1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778a20a0 6 bytes [48, B8, F9, BE, 0E, 76] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000778a20a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000778a25e0 6 bytes [48, B8, 79, 
83, 0E, 76] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000778a25e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778a27e0 6 bytes [48, B8, 39, 31, 0E, 76] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000778a27e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778a29a0 6 bytes [48, B8, B9, C0, 0E, 76] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000778a29a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778a2a80 6 bytes [48, B8, 79, 3D, 0E, 76] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 00000000778a2a88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778a2a90 6 bytes [48, B8, B9, 3B, 0E, 76] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 00000000778a2a98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778a2aa0 6 bytes [48, B8, 39, EE, 0E, 76] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000778a2aa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077913201 11 bytes [B8, 39, 85, 0E, 76, 00, 00, ...] 
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1044] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000767d3918 5 bytes JMP 00000001742a5579 .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1044] C:\Windows\syswow64\WS2_32.dll!WSASocketW 00000000767d3cd3 5 bytes JMP 00000001742a54e1 .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1044] C:\Windows\syswow64\WS2_32.dll!socket 00000000767d3eb8 5 bytes JMP 00000001742a6619 .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1044] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000767d4406 5 bytes JMP 00000001742a2139 .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1044] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 00000000767d4889 5 bytes JMP 00000001742a4dc1 .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1044] C:\Windows\syswow64\WS2_32.dll!recv 00000000767d6b0e 5 bytes JMP 00000001742a67e1 .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1044] C:\Windows\syswow64\WS2_32.dll!connect 00000000767d6bdd 1 byte JMP 00000001742a41e1 .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1044] C:\Windows\syswow64\WS2_32.dll!connect + 2 00000000767d6bdf 3 bytes {CALL RBP} .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1044] C:\Windows\syswow64\WS2_32.dll!send 00000000767d6f01 5 bytes JMP 00000001742a20a1 .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1044] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000767d7089 5 bytes JMP 00000001742a6879 .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1044] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000767dcc3f 5 bytes JMP 00000001742a6749 .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1044] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 00000000767dd1ea 5 bytes JMP 00000001742a4e59 .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1044] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000767e7673 5 bytes JMP 00000001742a4ef1 .text 
C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000778892d1 5 bytes [B8, 39, 69, 0E, 76] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000778892d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000778a1330 6 bytes [48, B8, B9, EA, 0E, 76] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000778a1338 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778a13a0 6 bytes [48, B8, 39, BD, 0E, 76] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000778a13a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778a1470 6 bytes [48, B8, F9, A9, 0E, 76] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000778a1478 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778a1510 6 bytes [48, B8, F9, 32, 0E, 76] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000778a1518 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000778a1530 6 bytes [48, B8, 39, 1C, 0E, 76] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000778a1538 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000778a1550 6 bytes [48, B8, F9, 1D, 0E, 76] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000778a1558 4 bytes [00, 00, 50, C3] .text 
C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778a1570 6 bytes [48, B8, 39, A8, 0E, 76] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000778a1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778a1620 6 bytes [48, B8, 39, E7, 0E, 76] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000778a1628 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778a1650 6 bytes [48, B8, 79, 2F, 0E, 76] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000778a1658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778a1670 6 bytes [48, B8, 79, 36, 0E, 76] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000778a1678 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000778a1700 6 bytes [48, B8, B9, 34, 0E, 76] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000778a1708 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778a1750 6 bytes [48, B8, 79, EC, 0E, 76] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000778a1758 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000778a1780 6 bytes [48, B8, 39, 2A, 0E, 76] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000778a1788 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778a1790 6 bytes [48, B8, B9, 26, 0E, 76] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000778a1798 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778a1800 6 bytes [48, B8, F9, E8, 0E, 76] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000778a1808 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000778a18b0 6 bytes [48, B8, F9, EF, 0E, 76] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000778a18b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778a1c80 6 bytes [48, B8, 79, E5, 0E, 76] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000778a1c88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000778a1cd0 6 bytes [48, B8, 79, 28, 0E, 76] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000778a1cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778a1d30 6 bytes [48, B8, F9, 24, 0E, 76] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000778a1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778a20a0 6 bytes [48, B8, F9, BE, 0E, 76] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000778a20a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000778a25e0 6 bytes [48, B8, 79, 
83, 0E, 76] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000778a25e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778a27e0 6 bytes [48, B8, 39, 31, 0E, 76] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000778a27e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778a29a0 6 bytes [48, B8, B9, C0, 0E, 76] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000778a29a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778a2a80 6 bytes [48, B8, 79, 3D, 0E, 76] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 00000000778a2a88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778a2a90 6 bytes [48, B8, B9, 3B, 0E, 76] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 00000000778a2a98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778a2aa0 6 bytes [48, B8, 39, EE, 0E, 76] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000778a2aa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 |
02.04.2015, 04:41 | #6 |
| Windows 7: Websites are being redirected to advertising Code:
0000000077a50df4 5 bytes JMP 00000001742a66b1 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077a51604 5 bytes JMP 00000001742a4ac9 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a51920 5 bytes JMP 00000001742a3141 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a51be4 5 bytes JMP 00000001742a6749 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077a51d54 5 bytes JMP 00000001742a3439 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a51d70 5 bytes JMP 00000001742a33a1 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077a51d8c 5 bytes JMP 00000001742a76b9 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077a51ee8 5 bytes JMP 00000001742a7291 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2416] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077a688c4 5 bytes JMP 00000001742a1ab1 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2416] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077a90d3b 5 bytes JMP 00000001742a2009 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2416] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077ad860f 5 bytes JMP 00000001742a4b61 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2416] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077ade8ab 5 bytes JMP 00000001742a1f71 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2416] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000755a0e00 5 bytes JMP 
00000001742a1da9 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2416] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000755a1072 5 bytes JMP 00000001742a2a21 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2416] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755a499f 5 bytes JMP 00000001742a25f9 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2416] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000755b3bbb 5 bytes JMP 00000001742a3011 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2416] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000755b9aa4 5 bytes JMP 00000001742a6f01 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2416] C:\Windows\syswow64\kernel32.dll!MoveFileExW 00000000755b9b05 5 bytes JMP 00000001742a6ca1 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2416] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000755c7327 5 bytes JMP 00000001742a2729 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2416] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000755c88da 5 bytes JMP 00000001742a6581 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2416] C:\Windows\syswow64\kernel32.dll!MoveFileExA 00000000755cccb1 5 bytes JMP 00000001742a6b71 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2416] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 00000000755cccd1 5 bytes JMP 00000001742a6dd1 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2416] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075622ff1 5 bytes JMP 00000001742a28f1 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2416] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 000000007564748b 5 bytes JMP 00000001742a46a1 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2416] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000756474ae 5 bytes JMP 00000001742a47d1 .text C:\Program Files 
(x86)\PDF Architect\HelperService.exe[2416] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075647859 5 bytes JMP 00000001742a4901 .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2416] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000756478d2 5 bytes JMP 00000001742a4a31 .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2452] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007638c9ec 5 bytes JMP 00000001742a3c89 .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2452] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076392b70 5 bytes JMP 00000001742a3bf1 .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2452] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007639361c 5 bytes JMP 00000001742a40b1 .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2452] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076394965 5 bytes JMP 00000001742a7881 .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2452] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000763a70c4 5 bytes JMP 00000001742a4311 .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2452] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000763a70dc 5 bytes JMP 00000001742a3e51 .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2452] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000763a70f4 5 bytes JMP 00000001742a3ee9 .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2452] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000763c31f4 5 bytes JMP 00000001742a3f81 .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2452] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000763c3204 5 bytes JMP 00000001742a4019 .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2452] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000763c3214 5 bytes JMP 00000001742a3d21 .text C:\Program Files (x86)\PDF 
Architect\ConversionService.exe[2452] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000763c3224 5 bytes JMP 00000001742a3db9 .text C:\Program Files (x86)\PDF Architect\ConversionService.exe[2452] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000763c3264 5 bytes JMP 00000001742a4279 .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000778892d1 5 bytes [B8, F9, 55, 0E, 76] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000778892d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778a1470 6 bytes [48, B8, F9, 5C, 0E, 76] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000778a1478 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778a1510 6 bytes [48, B8, F9, 32, 0E, 76] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000778a1518 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000778a1530 6 bytes [48, B8, 39, 1C, 0E, 76] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000778a1538 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000778a1550 6 bytes [48, B8, F9, 1D, 0E, 76] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000778a1558 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778a1570 6 bytes [48, B8, 39, 5B, 0E, 76] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000778a1578 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2724] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778a1620 6 bytes [48, B8, F9, 7F, 0E, 76] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000778a1628 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778a1650 6 bytes [48, B8, 79, 2F, 0E, 76] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000778a1658 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778a1670 6 bytes [48, B8, 79, 36, 0E, 76] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000778a1678 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000778a1700 6 bytes [48, B8, B9, 34, 0E, 76] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000778a1708 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778a1750 6 bytes [48, B8, B9, 81, 0E, 76] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000778a1758 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000778a1780 6 bytes [48, B8, 39, 2A, 0E, 76] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000778a1788 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778a1790 6 bytes [48, B8, B9, 26, 0E, 76] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000778a1798 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000778a18b0 6 bytes [48, B8, 39, 85, 0E, 76] .text C:\Windows\Explorer.EXE[2724] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000778a18b8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778a1c80 6 bytes [48, B8, 39, 7E, 0E, 76] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000778a1c88 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000778a1cd0 6 bytes [48, B8, 79, 28, 0E, 76] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000778a1cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778a1d30 6 bytes [48, B8, F9, 24, 0E, 76] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000778a1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778a20a0 6 bytes [48, B8, B9, 5E, 0E, 76] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000778a20a8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778a27e0 6 bytes [48, B8, 39, 31, 0E, 76] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000778a27e8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778a29a0 6 bytes [48, B8, 79, 60, 0E, 76] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000778a29a8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778a2a80 6 bytes [48, B8, 79, 3D, 0E, 76] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 00000000778a2a88 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2724] 
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778a2a90 6 bytes [48, B8, B9, 3B, 0E, 76] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 00000000778a2a98 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778a2aa0 6 bytes [48, B8, 79, 83, 0E, 76] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000778a2aa8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778a2b80 6 bytes [48, B8, 79, 75, 0E, 76] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000778a2b88 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2724] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077631c10 12 bytes [48, B8, F9, 39, 0E, 76, 00, ...] .text C:\Windows\Explorer.EXE[2724] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077632b61 8 bytes [B8, 39, 69, 0E, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2724] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077632b6a 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[2724] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007764db80 12 bytes [48, B8, B9, 2D, 0E, 76, 00, ...] .text C:\Windows\Explorer.EXE[2724] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077650931 11 bytes [B8, B9, 73, 0E, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2724] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000776bf491 11 bytes [B8, 39, 70, 0E, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2724] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000776bf691 11 bytes [B8, B9, 6C, 0E, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2724] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000776bf6c1 8 bytes [B8, B9, 65, 0E, 76, 00, 00, ...] 
.text C:\Windows\Explorer.EXE[2724] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000776bf6ca 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[2724] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd764350 12 bytes [48, B8, B9, 42, 0E, 76, 00, ...] .text C:\Windows\Explorer.EXE[2724] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd770c11 11 bytes [B8, 39, 62, 0E, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2724] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd772871 8 bytes [B8, 39, 23, 0E, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2724] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd77287a 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[2724] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd7728b1 11 bytes [B8, F9, 40, 0E, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd9d642d 11 bytes [B8, 79, 4B, 0E, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd9d6484 12 bytes [48, B8, 39, 46, 0E, 76, 00, ...] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd9d6519 11 bytes [B8, 79, 52, 0E, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd9d6c34 12 bytes [48, B8, 79, 44, 0E, 76, 00, ...] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd9d7ab5 11 bytes [B8, 39, 4D, 0E, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd9d8b01 11 bytes [B8, F9, 47, 0E, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2724] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd9d8c39 11 bytes [B8, B9, 49, 0E, 76, 00, 00, ...] 
.text C:\Windows\Explorer.EXE[2724] C:\Windows\system32\WS2_32.dll!connect 000007feff5045c0 12 bytes [48, B8, 39, 54, 0E, 76, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077631b21 11 bytes [B8, 79, D7, 0E, 76, 00, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077631c10 12 bytes [48, B8, F9, 39, 0E, 76, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077632b61 8 bytes [B8, 79, EC, 0E, 76, 00, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077632b6a 2 bytes [50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007764db80 12 bytes [48, B8, B9, 2D, 0E, 76, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077650931 11 bytes [B8, B9, FF, 0E, 76, 00, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000776852f1 11 bytes [B8, B9, 7A, 0E, 76, 00, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077685311 11 bytes [B8, 39, 77, 0E, 76, 00, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007769a5e0 12 bytes [48, B8, B9, 81, 0E, 76, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007769a6f0 12 bytes [48, B8, 39, 7E, 0E, 76, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000776bf491 11 bytes [B8, 79, F3, 0E, 76, 00, 00, ...] 
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000776bf691 11 bytes [B8, F9, EF, 0E, 76, 00, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000776bf6c1 8 bytes [B8, F9, E8, 0E, 76, 00, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000776bf6ca 2 bytes [50, C3] .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077a4f928 5 bytes JMP 00000001742a7589 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a4f9e0 5 bytes JMP 00000001742a6619 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a4fb28 5 bytes JMP 00000001742a6029 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077a4fc20 5 bytes JMP 00000001742a31d9 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077a4fc50 5 bytes JMP 00000001742a15f1 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077a4fc80 5 bytes JMP 00000001742a1689 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a4fcb0 5 bytes JMP 00000001742a5f91 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a4fdc8 5 bytes JMP 00000001742a74f1 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] 
C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a4fe14 5 bytes JMP 00000001742a30a9 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077a4fe44 5 bytes JMP 00000001742a3309 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077a4ff24 5 bytes JMP 00000001742a3271 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a4ffa4 5 bytes JMP 00000001742a7621 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077a4ffec 5 bytes JMP 00000001742a2ee1 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a50004 5 bytes JMP 00000001742a2db1 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077a500b4 5 bytes JMP 00000001742a1ed9 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077a501c4 5 bytes JMP 00000001742a2301 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a5079c 5 bytes JMP 00000001742a7459 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077a50814 5 bytes JMP 00000001742a2e49 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a508a4 5 bytes JMP 00000001742a2d19 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a50df4 5 bytes JMP 00000001742a66b1 
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077a51604 5 bytes JMP 00000001742a4ac9 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a51920 5 bytes JMP 00000001742a3141 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a51be4 5 bytes JMP 00000001742a6749 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077a51d54 5 bytes JMP 00000001742a3439 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a51d70 5 bytes JMP 00000001742a33a1 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077a51d8c 5 bytes JMP 00000001742a76b9 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077a51ee8 5 bytes JMP 00000001742a7291 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077a688c4 5 bytes JMP 00000001742a1ab1 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077a90d3b 5 bytes JMP 00000001742a2009 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077ad860f 5 bytes JMP 00000001742a4b61 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077ade8ab 5 bytes JMP 00000001742a1f71 .text C:\Program Files (x86)\NTI\Acer Backup 
Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000755a0e00 5 bytes JMP 00000001742a1da9 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000755a1072 5 bytes JMP 00000001742a2a21 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755a499f 5 bytes JMP 00000001742a25f9 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000755b3bbb 5 bytes JMP 00000001742a3011 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000755b9aa4 5 bytes JMP 00000001742a6f01 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\kernel32.dll!MoveFileExW 00000000755b9b05 5 bytes JMP 00000001742a6ca1 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000755c7327 5 bytes JMP 00000001742a2729 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000755c88da 5 bytes JMP 00000001742a6581 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\kernel32.dll!MoveFileExA 00000000755cccb1 5 bytes JMP 00000001742a6b71 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 00000000755cccd1 5 bytes JMP 00000001742a6dd1 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075622ff1 5 bytes JMP 00000001742a28f1 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] 
C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 000000007564748b 5 bytes JMP 00000001742a46a1 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000756474ae 5 bytes JMP 00000001742a47d1 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075647859 5 bytes JMP 00000001742a4901 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000756478d2 5 bytes JMP 00000001742a4a31 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000767d3918 5 bytes JMP 00000001742a5ef9 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\WS2_32.dll!WSASocketW 00000000767d3cd3 5 bytes JMP 00000001742a5e61 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\WS2_32.dll!socket 00000000767d3eb8 5 bytes JMP 00000001742a6f99 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000767d4406 5 bytes JMP 00000001742a2139 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 00000000767d4889 5 bytes JMP 00000001742a5741 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\WS2_32.dll!recv 00000000767d6b0e 5 bytes JMP 00000001742a7161 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\WS2_32.dll!connect 00000000767d6bdd 1 byte JMP 00000001742a41e1 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\WS2_32.dll!connect + 2 00000000767d6bdf 3 bytes {CALL RBP} .text C:\Program Files (x86)\NTI\Acer Backup 
Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\WS2_32.dll!send 00000000767d6f01 5 bytes JMP 00000001742a20a1 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000767d7089 5 bytes JMP 00000001742a71f9 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000767dcc3f 5 bytes JMP 00000001742a70c9 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 00000000767dd1ea 5 bytes JMP 00000001742a57d9 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000767e7673 5 bytes JMP 00000001742a5871 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\urlmon.dll!CreateUri + 128 0000000076632b30 5 bytes JMP 00000001742a7ae1 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\urlmon.dll!URLDownloadToCacheFileW 000000007666f810 5 bytes JMP 00000001742a4149 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 000000007666ffd0 5 bytes JMP 00000001742a21d1 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4144] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 00000000766eef00 5 bytes JMP 00000001742a2ab9 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077a4f928 5 bytes JMP 00000001742a7589 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a4f9e0 5 bytes JMP 00000001742a6619 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a4fb28 5 bytes JMP 00000001742a6029 .text C:\Program Files 
(x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077a4fc20 5 bytes JMP 00000001742a31d9 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077a4fc50 5 bytes JMP 00000001742a15f1 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077a4fc80 5 bytes JMP 00000001742a1689 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a4fcb0 5 bytes JMP 00000001742a5f91 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a4fdc8 5 bytes JMP 00000001742a74f1 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a4fe14 5 bytes JMP 00000001742a30a9 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077a4fe44 5 bytes JMP 00000001742a3309 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077a4ff24 5 bytes JMP 00000001742a3271 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a4ffa4 5 bytes JMP 00000001742a7621 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077a4ffec 5 bytes JMP 00000001742a2ee1 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a50004 5 bytes JMP 00000001742a2db1 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077a500b4 5 bytes JMP 00000001742a1ed9 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077a501c4 5 bytes JMP 
00000001742a2301 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a5079c 5 bytes JMP 00000001742a7459 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077a50814 5 bytes JMP 00000001742a2e49 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a508a4 5 bytes JMP 00000001742a2d19 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a50df4 5 bytes JMP 00000001742a66b1 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077a51604 5 bytes JMP 00000001742a4ac9 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a51920 5 bytes JMP 00000001742a3141 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a51be4 5 bytes JMP 00000001742a6749 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077a51d54 5 bytes JMP 00000001742a3439 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a51d70 5 bytes JMP 00000001742a33a1 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077a51d8c 5 bytes JMP 00000001742a76b9 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077a51ee8 5 bytes JMP 00000001742a7291 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077a688c4 5 bytes JMP 00000001742a1ab1 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] 
C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077a90d3b 5 bytes JMP 00000001742a2009 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077ad860f 5 bytes JMP 00000001742a4b61 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077ade8ab 5 bytes JMP 00000001742a1f71 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000755a0e00 5 bytes JMP 00000001742a1da9 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000755a1072 5 bytes JMP 00000001742a2a21 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755a499f 5 bytes JMP 00000001742a25f9 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000755b3bbb 5 bytes JMP 00000001742a3011 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000755b9aa4 5 bytes JMP 00000001742a6f01 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\syswow64\kernel32.dll!MoveFileExW 00000000755b9b05 5 bytes JMP 00000001742a6ca1 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000755c7327 5 bytes JMP 00000001742a2729 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000755c88da 5 bytes JMP 00000001742a6581 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\syswow64\kernel32.dll!MoveFileExA 00000000755cccb1 5 bytes JMP 00000001742a6b71 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 00000000755cccd1 5 
bytes JMP 00000001742a6dd1 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075622ff1 5 bytes JMP 00000001742a28f1 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 000000007564748b 5 bytes JMP 00000001742a46a1 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000756474ae 5 bytes JMP 00000001742a47d1 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075647859 5 bytes JMP 00000001742a4901 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000756478d2 5 bytes JMP 00000001742a4a31 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007643a472 5 bytes JMP 00000001742a7751 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000764427ce 5 bytes JMP 00000001742a1be1 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4248] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007644e6cf 5 bytes JMP 00000001742a1b49 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[4352] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000775278e2 5 bytes JMP 00000001742a4441 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[4352] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000077527bd3 5 bytes JMP 00000001742a43a9 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[4352] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077528a29 5 bytes JMP 00000001742a5909 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[4352] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000775298fd 5 bytes JMP 00000001742a63b9 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[4352] 
C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 000000007752b6ed 5 bytes JMP 00000001742a77e9 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[4352] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007752d22e 5 bytes JMP 00000001742a59a1 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[4352] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007752ee09 5 bytes JMP 00000001742a34d1 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[4352] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007752ffe6 5 bytes JMP 00000001742a6289 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[4352] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000775300d9 5 bytes JMP 00000001742a6321 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[4352] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000775305ba 5 bytes JMP 00000001742a4571 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[4352] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000077530dfb 5 bytes JMP 00000001742a5a39 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[4352] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000775312a5 5 bytes JMP 00000001742a73c1 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[4352] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000775320ec 5 bytes JMP 00000001742a5dc9 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[4352] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077533baa 5 bytes JMP 00000001742a7329 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[4352] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000077535f74 5 bytes JMP 00000001742a44d9 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[4352] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000077536285 5 bytes JMP 00000001742a4bf9 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[4352] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077537603 5 bytes JMP 00000001742a2be9 
.text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[4352] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000077537aee 5 bytes JMP 00000001742a5d31 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[4352] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007753835c 5 bytes JMP 00000001742a2b51 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[4352] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 000000007754ce54 5 bytes JMP 00000001742a5b69 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[4352] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007754f52b 5 bytes JMP 00000001742a4c91 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[4352] C:\Windows\syswow64\USER32.dll!FindWindowExW 000000007754f588 5 bytes JMP 00000001742a6451 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[4352] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000775510a0 5 bytes JMP 00000001742a5ad1 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[4352] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007757fcd6 5 bytes JMP 00000001742a5c01 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[4352] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007757fcfa 5 bytes JMP 00000001742a5c99 .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000778892d1 5 bytes [B8, 39, 69, 0E, 76] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000778892d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000778a1330 6 bytes [48, B8, F9, EF, 0E, 76] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000778a1338 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778a13a0 6 bytes [48, B8, 
39, BD, 0E, 76] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000778a13a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778a1470 6 bytes [48, B8, F9, A9, 0E, 76] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000778a1478 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778a1510 6 bytes [48, B8, F9, 32, 0E, 76] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000778a1518 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000778a1530 6 bytes [48, B8, 39, 1C, 0E, 76] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000778a1538 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000778a1550 6 bytes [48, B8, F9, 1D, 0E, 76] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000778a1558 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778a1570 6 bytes [48, B8, 39, A8, 0E, 76] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000778a1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778a1620 6 bytes [48, B8, 79, EC, 0E, 76] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000778a1628 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778a1650 6 bytes [48, B8, 79, 2F, 0E, 76] .text 
C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000778a1658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778a1670 6 bytes [48, B8, 79, 36, 0E, 76] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000778a1678 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000778a1700 6 bytes [48, B8, B9, 34, 0E, 76] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000778a1708 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778a1750 6 bytes [48, B8, B9, F1, 0E, 76] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000778a1758 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000778a1780 6 bytes [48, B8, 39, 2A, 0E, 76] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000778a1788 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778a1790 6 bytes [48, B8, B9, 26, 0E, 76] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000778a1798 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778a1800 6 bytes [48, B8, 39, EE, 0E, 76] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000778a1808 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000778a18b0 6 bytes [48, B8, 39, F5, 0E, 76] .text C:\Windows\system32\igfxsrvc.exe[4944] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000778a18b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778a1c80 6 bytes [48, B8, B9, EA, 0E, 76] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000778a1c88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000778a1cd0 6 bytes [48, B8, 79, 28, 0E, 76] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000778a1cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778a1d30 6 bytes [48, B8, F9, 24, 0E, 76] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000778a1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778a20a0 6 bytes [48, B8, F9, BE, 0E, 76] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000778a20a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000778a25e0 6 bytes [48, B8, 79, 83, 0E, 76] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000778a25e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778a27e0 6 bytes [48, B8, 39, 31, 0E, 76] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000778a27e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778a29a0 6 bytes [48, B8, B9, C0, 0E, 76] .text C:\Windows\system32\igfxsrvc.exe[4944] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000778a29a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778a2a80 6 bytes [48, B8, 79, 3D, 0E, 76] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 00000000778a2a88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778a2a90 6 bytes [48, B8, B9, 3B, 0E, 76] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 00000000778a2a98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778a2aa0 6 bytes [48, B8, 79, F3, 0E, 76] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000778a2aa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778a2b80 6 bytes [48, B8, 79, E5, 0E, 76] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000778a2b88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[4944] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + |
02.04.2015, 04:43 | #7 |
| Windows 7: Websites are redirected to advertising
Code:
ATTFilter .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077a4f928 5 bytes JMP 00000001742a7589 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a4f9e0 5 bytes JMP 00000001742a6619 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a4fb28 5 bytes JMP 00000001742a6029 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077a4fc20 5 bytes JMP 00000001742a31d9 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077a4fc50 5 bytes JMP 00000001742a15f1 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077a4fc80 5 bytes JMP 00000001742a1689 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a4fcb0 5 bytes JMP 00000001742a5f91 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a4fdc8 5 bytes JMP 00000001742a74f1 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a4fe14 5 bytes JMP 00000001742a30a9 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077a4fe44 5 bytes JMP 00000001742a3309 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077a4ff24 5 bytes JMP 00000001742a3271 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a4ffa4 5 bytes JMP 00000001742a7621 .text C:\Program Files 
(x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077a4ffec 5 bytes JMP 00000001742a2ee1 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a50004 5 bytes JMP 00000001742a2db1 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077a500b4 5 bytes JMP 00000001742a1ed9 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077a501c4 5 bytes JMP 00000001742a2301 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a5079c 5 bytes JMP 00000001742a7459 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077a50814 5 bytes JMP 00000001742a2e49 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a508a4 5 bytes JMP 00000001742a2d19 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a50df4 5 bytes JMP 00000001742a66b1 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077a51604 5 bytes JMP 00000001742a4ac9 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a51920 5 bytes JMP 00000001742a3141 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a51be4 5 bytes JMP 00000001742a6749 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077a51d54 5 bytes JMP 00000001742a3439 .text C:\Program Files 
(x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a51d70 5 bytes JMP 00000001742a33a1 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077a51d8c 5 bytes JMP 00000001742a76b9 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077a51ee8 5 bytes JMP 00000001742a7291 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077a688c4 5 bytes JMP 00000001742a1ab1 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077a90d3b 5 bytes JMP 00000001742a2009 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077ad860f 5 bytes JMP 00000001742a4b61 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077ade8ab 5 bytes JMP 00000001742a1f71 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000755a0e00 5 bytes JMP 00000001742a1da9 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000755a1072 5 bytes JMP 00000001742a2a21 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755a499f 5 bytes JMP 00000001742a25f9 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000755b3bbb 5 bytes JMP 00000001742a3011 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000755b9aa4 5 bytes JMP 00000001742a6f01 
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!MoveFileExW 00000000755b9b05 5 bytes JMP 00000001742a6ca1 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000755c7327 5 bytes JMP 00000001742a2729 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000755c88da 5 bytes JMP 00000001742a6581 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!MoveFileExA 00000000755cccb1 5 bytes JMP 00000001742a6b71 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 00000000755cccd1 5 bytes JMP 00000001742a6dd1 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075622ff1 5 bytes JMP 00000001742a28f1 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 000000007564748b 5 bytes JMP 00000001742a46a1 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000756474ae 5 bytes JMP 00000001742a47d1 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075647859 5 bytes JMP 00000001742a4901 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000756478d2 5 bytes JMP 00000001742a4a31 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000775278e2 5 bytes JMP 00000001742a4441 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000077527bd3 5 bytes JMP 00000001742a43a9 .text C:\Program Files (x86)\Launch 
Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077528a29 5 bytes JMP 00000001742a5909 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000775298fd 5 bytes JMP 00000001742a63b9 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 000000007752b6ed 5 bytes JMP 00000001742a7751 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007752d22e 5 bytes JMP 00000001742a59a1 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007752ee09 5 bytes JMP 00000001742a34d1 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007752ffe6 5 bytes JMP 00000001742a6289 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000775300d9 5 bytes JMP 00000001742a6321 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000775305ba 5 bytes JMP 00000001742a4571 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000077530dfb 5 bytes JMP 00000001742a5a39 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000775312a5 5 bytes JMP 00000001742a73c1 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000775320ec 5 bytes JMP 00000001742a5dc9 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077533baa 5 bytes JMP 00000001742a7329 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000077535f74 5 bytes JMP 00000001742a44d9 .text C:\Program Files 
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff50df41 11 bytes [B8, 39, E0, 0E, 76, 00, 00, ...] .text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff52e0f1 11 bytes [B8, 79, DE, 0E, 76, 00, 00, ...] .text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW 000007feff0b2fc0 12 bytes [48, B8, B9, 65, 0E, 76, 00, ...] .text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\urlmon.dll!URLDownloadToFileW + 1 000007feff0d5891 11 bytes [B8, F9, 63, 0E, 76, 00, 00, ...] .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtReadFile 0000000077a4f8f0 5 bytes JMP 00000001742a6619 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077a4f928 5 bytes JMP 00000001742a6ca1 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a4f9e0 5 bytes JMP 00000001742a5c99 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a4fb28 5 bytes JMP 00000001742a56a9 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077a4fc20 5 bytes JMP 00000001742a31d9 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077a4fc50 5 bytes JMP 00000001742a15f1 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077a4fc80 5 bytes JMP 00000001742a1689 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a4fcb0 5 bytes JMP 00000001742a5611 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a4fdc8 5 bytes JMP 00000001742a6c09 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] 
C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a4fe14 5 bytes JMP 00000001742a30a9 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077a4fe44 5 bytes JMP 00000001742a3309 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077a4ff24 5 bytes JMP 00000001742a3271 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a4ffa4 5 bytes JMP 00000001742a6d39 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077a4ffec 5 bytes JMP 00000001742a2ee1 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a50004 5 bytes JMP 00000001742a2db1 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077a500b4 5 bytes JMP 00000001742a1ed9 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077a501c4 5 bytes JMP 00000001742a2301 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a5079c 5 bytes JMP 00000001742a6b71 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077a50814 5 bytes JMP 00000001742a2e49 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a508a4 5 bytes JMP 00000001742a2d19 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a50df4 5 bytes JMP 00000001742a5d31 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077a51604 5 bytes JMP 00000001742a4ac9 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a51920 5 bytes JMP 00000001742a3141 .text 
C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a51be4 5 bytes JMP 00000001742a5dc9 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077a51d54 5 bytes JMP 00000001742a3439 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a51d70 5 bytes JMP 00000001742a33a1 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077a51d8c 5 bytes JMP 00000001742a6dd1 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077a51ee8 5 bytes JMP 00000001742a69a9 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077a688c4 5 bytes JMP 00000001742a1ab1 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077a90d3b 5 bytes JMP 00000001742a2009 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077ad860f 5 bytes JMP 00000001742a4b61 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077ade8ab 5 bytes JMP 00000001742a1f71 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000755a0e00 5 bytes JMP 00000001742a1da9 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000755a1072 5 bytes JMP 00000001742a2a21 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755a499f 5 bytes JMP 00000001742a25f9 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000755b3bbb 5 bytes JMP 00000001742a3011 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] 
C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000755b9aa4 5 bytes JMP 00000001742a6581 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\kernel32.dll!MoveFileExW 00000000755b9b05 5 bytes JMP 00000001742a6321 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000755c7327 5 bytes JMP 00000001742a2729 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000755c88da 5 bytes JMP 00000001742a5c01 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\kernel32.dll!MoveFileExA 00000000755cccb1 5 bytes JMP 00000001742a61f1 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 00000000755cccd1 5 bytes JMP 00000001742a6451 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075622ff1 5 bytes JMP 00000001742a28f1 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 000000007564748b 5 bytes JMP 00000001742a46a1 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000756474ae 5 bytes JMP 00000001742a47d1 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075647859 5 bytes JMP 00000001742a4901 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000756478d2 5 bytes JMP 00000001742a4a31 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 00000000765e8f8d 5 bytes JMP 00000001742a1a19 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 00000000765ec436 5 bytes JMP 00000001742a3b59 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 
00000000765eeca6 5 bytes JMP 00000001742a3601 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 00000000765ef206 5 bytes JMP 00000001742a2399 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 00000000765efa89 5 bytes JMP 00000001742a1e41 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 00000000765efbb7 5 bytes JMP 00000001742a60c1 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 00000000765f1358 5 bytes JMP 00000001742a3ac1 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000765f137f 5 bytes JMP 00000001742a3a29 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000765f1d29 5 bytes JMP 00000001742a1981 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 00000000765f1e15 5 bytes JMP 00000001742a24c9 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000765f2ab1 5 bytes JMP 00000001742a57d9 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 00000000765f2cd9 5 bytes JMP 00000001742a5741 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000765f2d17 5 bytes JMP 00000001742a5871 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 00000000765f2e7a 5 bytes JMP 00000001742a18e9 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 00000000765f3b70 5 bytes JMP 00000001742a2269 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000765f4496 5 bytes JMP 00000001742a2431 .text 
C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000765f4608 5 bytes JMP 00000001742a3569 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 00000000765f4631 5 bytes JMP 00000001742a2c81 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 00000000765fc734 5 bytes JMP 00000001742a27c1 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007638c9ec 5 bytes JMP 00000001742a3c89 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076392b70 5 bytes JMP 00000001742a3bf1 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007639361c 5 bytes JMP 00000001742a40b1 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076394965 1 byte JMP 00000001742a6e69 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 224 0000000076394967 3 bytes {JMP QWORD [RCX+RSI*8]} .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000763a70c4 5 bytes JMP 00000001742a4311 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000763a70dc 5 bytes JMP 00000001742a3e51 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000763a70f4 5 bytes JMP 00000001742a3ee9 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000763c31f4 5 bytes JMP 00000001742a3f81 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000763c3204 5 bytes JMP 00000001742a4019 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] 
C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000763c3214 5 bytes JMP 00000001742a3d21 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000763c3224 5 bytes JMP 00000001742a3db9 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000763c3264 5 bytes JMP 00000001742a4279 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007643a472 5 bytes JMP 00000001742a6f01 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000764427ce 5 bytes JMP 00000001742a1be1 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007644e6cf 5 bytes JMP 00000001742a1b49 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000775278e2 5 bytes JMP 00000001742a4441 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000077527bd3 5 bytes JMP 00000001742a43a9 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077528a29 5 bytes JMP 00000001742a4f89 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000775298fd 5 bytes JMP 00000001742a5a39 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 000000007752b6ed 5 bytes JMP 00000001742a6f99 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007752d22e 5 bytes JMP 00000001742a5021 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007752ee09 5 bytes JMP 00000001742a34d1 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007752ffe6 5 bytes JMP 00000001742a5909 .text 
C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000775300d9 5 bytes JMP 00000001742a59a1 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000775305ba 5 bytes JMP 00000001742a4571 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000077530dfb 5 bytes JMP 00000001742a50b9 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000775312a5 5 bytes JMP 00000001742a6ad9 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000775320ec 5 bytes JMP 00000001742a5449 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077533baa 5 bytes JMP 00000001742a6a41 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000077535f74 5 bytes JMP 00000001742a44d9 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000077536285 5 bytes JMP 00000001742a4bf9 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077537603 5 bytes JMP 00000001742a2be9 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000077537aee 5 bytes JMP 00000001742a53b1 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007753835c 5 bytes JMP 00000001742a2b51 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 000000007754ce54 5 bytes JMP 00000001742a51e9 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007754f52b 5 bytes JMP 00000001742a4c91 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!FindWindowExW 
000000007754f588 5 bytes JMP 00000001742a5ad1 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000775510a0 5 bytes JMP 00000001742a5151 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007757fcd6 2 bytes JMP 00000001742a5281 .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3 000000007757fcd9 2 bytes [D2, FC] .text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007757fcfa 5 bytes JMP 00000001742a5319 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\drivers\yeflxetu.sys fffff88000d62000-fffff88000d78000 (90112 bytes) Module \??\C:\Users\MADDS~1\AppData\Local\Temp\pxdiypob.sys (GMER) fffff88002800000-fffff88002810000 (65536 bytes) ---- Threads - GMER 2.1 ---- Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2448:1304] 0000000076d27587 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2448:956] 00000000741b8aa6 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2448:4496] 0000000077a82e65 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2448:3040] 0000000077a83e85 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2448:5376] 0000000077a83e85 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2448:2084] 0000000077a83e85 ---- Processes - GMER 2.1 ---- Library \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll (*** suspicious ***) @ C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [972] (FILE NOT FOUND) 000007fefbaa0000 ---- EOF - GMER 2.1 ---- |
02.04.2015, 04:48 | #8 |
| Windows 7: Websites are redirected to advertising And since I probably put the Additional scan in the wrong place (I'll check again in a moment), here it is once more to be on the safe side. That's it for now. Sorry if I'm overwhelming you with this. It's the first time I've been in a forum, and given the situation I'm feeling somewhat overwhelmed myself by what is happening on the computer. In any case, thank you very much in advance! Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by Maddäs at 2015-04-01 23:03:51 Running from C:\Users\Maddäs\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D} AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation) Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0530.2011 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) 
(Version: 3.0 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.) Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland) Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation) Bitdefender Internet Security 2015 (HKLM\...\Bitdefender) (Version: 18.17.0.1227 - Bitdefender) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Brother MFL-Pro Suite DCP-195C (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 2.0.0.0 - Brother Industries, Ltd.) CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP) clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated) ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.) 
FLV Player 2.0 (build 25) (HKLM-x32\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.) 
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
(HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 37.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0 (x86 de)) (Version: 37.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) 
Hidden newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.) newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9002 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org) PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.) PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge) Photomatix Pro version 4.0.2 (HKLM-x32\...\PhotomatixPro4.0x32_is1) (Version: 4.0.2 - HDRsoft Sarl) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.) Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.1.4 - Reimage) <==== ATTENTION Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.) 
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden SweetIM for Messenger 3.7 (x32 Version: 3.7.0007 - SweetIM Technologies Ltd.) Hidden <==== ATTENTION Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.17.5 - Synaptics Incorporated) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
==================== Restore Points =========================

05-03-2015 20:32:04 Geplanter Prüfpunkt
11-03-2015 23:33:40 Windows Update
19-03-2015 23:48:18 Geplanter Prüfpunkt
25-03-2015 21:24:30 Windows Update
01-04-2015 19:51:42 Revo Uninstaller's restore point - Adobe Flash Player 17 NPAPI
01-04-2015 19:54:55 Revo Uninstaller's restore point - Adobe Flash Player 16 ActiveX
01-04-2015 19:59:32 Windows Update
01-04-2015 20:26:43 Windows Update
01-04-2015 22:21:52 Revo Uninstaller's restore point - Malwarebytes Anti-Malware Version 2.1.4.1018

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08D16BC6-2B4C-4DE2-8C48-5EA26DDDBC9E} - System32\Tasks\new_game_updating_service => C:\Program Files (x86)\new game\new_game_updating_service.exe [2015-04-01] ()
Task: {3D3057BA-82BA-4227-A985-98C4847EB91C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4D1AFFDC-54A0-4AA5-A805-369E7249E20F} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-01-14] (Reimage®) <==== ATTENTION
Task: {4EF3FA61-6E01-4D25-98D5-0434373E5C3C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {611B8D2C-0E0B-41C9-886B-F77B5D415FC0} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2015-03-16] (Reimage ltd.) <==== ATTENTION
Task: {78CBDA9A-4B07-4400-B7D5-7AF1D37750B2} - \new_game_notification_service No Task File <==== ATTENTION
Task: {86063057-714F-49BA-890D-35D6CA58F967} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {B0414489-3A0B-4943-8AD9-9B629BB5C3A8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {B7923AFF-F1B6-4C53-85D7-191AABC14559} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {FCBADC99-BB74-4424-A548-BBD88CB3F5F5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-01] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\new_game_updating_service.job => C:\Program Files (x86)\new game\new_game_updating_service.exe© /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=new_game_updating_service /funurl=http:/stats.buildomserv.com
Task: C:\Windows\Tasks\V483t6QIzT4Ib7XPH9.job => C:\Users\Maddýÿs\AppData\Roaming\V483t6QIzT4Ib7XPH9.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-08 16:56 - 2014-08-27 17:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2014-11-08 16:56 - 2013-09-03 15:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2014-11-08 16:56 - 2014-10-15 13:08 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2014-11-08 16:56 - 2012-10-29 15:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-02-06 15:26 - 2015-02-06 15:26 - 00784712 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00050_002\ashttpbr.mdl
2015-02-06 15:26 - 2015-02-06 15:26 - 00573544 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00050_002\ashttpdsp.mdl
2015-02-06 15:26 - 2015-02-06 15:26 - 02657264 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00050_002\ashttpph.mdl
2015-02-06 15:26 - 2015-02-06 15:26 - 01331648 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00050_002\ashttprbl.mdl
2015-01-14 12:07 - 2015-01-14 12:07 - 06757728 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
2011-10-27 14:06 - 2011-08-09 01:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-12 17:43 - 2012-09-25 12:26 - 01163264 ____N () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
2015-01-20 17:53 - 2015-02-24 19:24 - 00471056 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdidntconp.dll
2015-01-20 17:52 - 2015-02-24 19:25 - 00188416 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\ui\bdidntconp.ui
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2014-01-12 17:41 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-04-01 20:55 - 2015-04-01 20:55 - 16858288 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Maddäs\Downloads\ConvertHelperSetup.exe:BDU
AlternateDataStreams: C:\Users\Maddäs\Downloads\driverscanner.exe:BDU
AlternateDataStreams: C:\Users\Maddäs\Downloads\Firefox - CHIP-Installer(2).exe:BDU
AlternateDataStreams: C:\Users\Maddäs\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Maddäs\Downloads\mbam-setup-2.1.4.1018.exe:BDU
AlternateDataStreams: C:\Users\Maddäs\Downloads\PDFCreator-1_7_2_setup.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1050519430-933015278-2871175751-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Maddäs\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BBSvc => 3
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

==================== Accounts: =============================

Administrator (S-1-5-21-1050519430-933015278-2871175751-500 - Administrator - Disabled)
Gast (S-1-5-21-1050519430-933015278-2871175751-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1050519430-933015278-2871175751-1002 - Limited - Enabled)
Maddäs (S-1-5-21-1050519430-933015278-2871175751-1001 - Administrator - Enabled) => C:\Users\Maddäs

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2015 10:20:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2015 09:08:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2015 08:16:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2015 08:12:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm DllHost.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 12bc
Startzeit: 01d06ca56f04967f
Endzeit: 0
Anwendungspfad: C:\Windows\system32\DllHost.exe
Berichts-ID:

Error: (04/01/2015 07:26:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2015 06:46:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.4.5557, Zeitstempel: 0x550d0883
Name des fehlerhaften Moduls: mozalloc.dll, Version: 36.0.4.5557, Zeitstempel: 0x550cfa82
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001e02
ID des fehlerhaften Prozesses: 0x103c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (04/01/2015 05:14:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2015 05:01:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2015 04:22:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2015 05:17:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (04/01/2015 10:19:34 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Bitdefender Virus Shield" wurde nicht richtig gestartet.

Error: (04/01/2015 10:17:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (04/01/2015 09:07:36 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Bitdefender Virus Shield" wurde nicht richtig gestartet.

Error: (04/01/2015 09:05:42 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (04/01/2015 08:13:53 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (04/01/2015 07:25:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Bitdefender Virus Shield" wurde nicht richtig gestartet.

Error: (04/01/2015 05:14:04 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Bitdefender Virus Shield" wurde nicht richtig gestartet.

Error: (04/01/2015 05:39:41 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (03/31/2015 08:49:06 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (03/31/2015 04:22:18 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Bitdefender Virus Shield" wurde nicht richtig gestartet.

Microsoft Office Sessions:
=========================
Error: (04/01/2015 10:20:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2015 09:08:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2015 08:16:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2015 08:12:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: DllHost.exe6.1.7600.1638512bc01d06ca56f04967f0C:\Windows\system32\DllHost.exe

Error: (04/01/2015 07:26:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2015 06:46:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.4.5557550d0883mozalloc.dll36.0.4.5557550cfa828000000300001e02103c01d06c9023e8cf5eC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll9f861054-d88e-11e4-af68-e840f25b43b7

Error: (04/01/2015 05:14:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2015 05:01:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2015 04:22:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2015 05:17:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2013-11-08 09:54:48.720
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-08 09:54:48.710
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-08 09:54:48.710
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-08 09:54:48.680
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-08 09:54:48.680
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-08 09:54:48.670
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-07 10:58:26.715
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-07 10:58:26.715
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-07 10:58:26.705
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-07 10:58:26.685
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 69%
Total physical RAM: 3764.86 MB
Available physical RAM: 1161.11 MB
Total Pagefile: 7527.91 MB
Available Pagefile: 4273.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:284.49 GB) (Free:84.96 GB) NTFS
Drive j: () (Removable) (Total:0.47 GB) (Free:0.45 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2B7B485D)
Partition 1: (Not Active) - (Size=13.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=284.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 483.9 MB) (Disk ID: 00000000)
Partition: GPT Partition Type.

==================== End Of Log ============================ |
02.04.2015, 08:31 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Websites are being redirected to advertising Please download Revo Uninstaller (alternatively the portable Revo Uninstaller) from here.
__________________ Please always post log files in CODE tags |
02.04.2015, 13:43 | #10 |
| Unfortunately not everything can be deleted Hello, Reimage Repair has left remnants on the disk that I can't get rid of, e.g. Reimage.ini. Revo Uninstaller doesn't bring up any Reimage Repair at all (I'm not sure whether I hadn't already tried yesterday to delete it the "classic" way). It doesn't detect a Sweet IM for Messenger 3.7 either. So I deleted the entire Live Messenger there via Revo. The problems are still massive, even after a restart. Attached is the current state of my computer: Code:
ATTFilter defogger_enable by jpshortstuff (23.02.10.1) Log created at 14:33 on 02/04/2015 (Maddäs) Parsing file... -=E.O.F=- FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Maddäs (administrator) on MADDÄS-PC on 02-04-2015 14:40:24 Running from C:\Users\Maddäs\Downloads Loaded Profiles: Maddäs (Available profiles: Maddäs) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) 
C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Brother Industries, Ltd.) 
C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2723624 2011-03-28] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor) HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1689576 2015-02-24] (Bitdefender) HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.) HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.) HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] () HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-1050519430-933015278-2871175751-1001\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-02-24] (Bitdefender) HKU\S-1-5-21-1050519430-933015278-2871175751-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [456224 2010-07-29] () HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:51411;https=127.0.0.1:51411 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-1050519430-933015278-2871175751-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: 
HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1050519430-933015278-2871175751-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1050519430-933015278-2871175751-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1050519430-933015278-2871175751-1001 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/?a=6PR9UIyGur&loc=skw&search={searchTerms} BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.) Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-24] (Bitdefender) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.) 
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll [2013-04-08] (pdfforge GmbH) Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-24] (Bitdefender) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547 FF Homepage: www.spielbox.de FF Keyword.URL: FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-01] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-01] () FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-05-11] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) 
FF Extension: 551f29203c1911e1b86c0800200c9a66jetpack - C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547\Extensions\551f2920-3c19-11e1-b86c-0800200c9a66@jetpack [2015-04-01]
FF Extension: NetVideoHunter - C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547\Extensions\netvideohunter@netvideohunter.com [2015-03-04]
FF Extension: new game - C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547\Extensions\QqftOZ@gmail.com [2015-04-01]
FF Extension: ProxTube - C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547\Extensions\ich@maltegoetz.de.xpi [2014-09-30]
FF Extension: Video DownloadHelper - C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-15]
FF Extension: Adblock Plus - C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-11]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-11-08]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-03-26]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-11-08]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2015-01-20] (Bitdefender)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7410024 2015-01-14] (Reimage®)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-11-24] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-02-24] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-02-24] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [262544 2015-02-24] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-02-24] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2015-02-24] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-02-24] (BitDefender SRL)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [155912 2015-01-20] (BitDefender LLC)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-11-24] (BitDefender S.R.L.)
S3 cpuz134; \??\C:\Users\MADDS~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 14:33 - 2015-04-02 14:33 - 00000246 _____ () C:\Users\Maddäs\Downloads\defogger_enable.log
2015-04-02 13:44 - 2015-04-02 13:44 - 00000000 ____D () C:\Users\Maddäs\AppData\Local\{D517B05F-8199-4822-AC5F-5334B3276D1A}
2015-04-02 13:27 - 2015-04-02 13:27 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Maddäs\Downloads\revosetup95.exe
2015-04-01 23:42 - 2015-04-01 23:42 - 00000476 _____ () C:\Users\Maddäs\Desktop\defogger_disable.txt
2015-04-01 23:41 - 2015-04-02 14:32 - 00000474 _____ () C:\Users\Maddäs\Downloads\defogger_disable.log
2015-04-01 23:40 - 2015-04-01 23:40 - 00050477 _____ () C:\Users\Maddäs\Downloads\Defogger.exe
2015-04-01 23:38 - 2015-04-01 23:38 - 00292852 _____ () C:\Users\Maddäs\Desktop\Gmer.txt
2015-04-01 23:26 - 2015-04-01 23:26 - 00380416 _____ () C:\Users\Maddäs\Downloads\Gmer-19357.exe
2015-04-01 23:16 - 2015-04-01 23:16 - 00050345 _____ () C:\Users\Maddäs\Desktop\FRST.txt
2015-04-01 23:16 - 2015-04-01 23:16 - 00031718 _____ () C:\Users\Maddäs\Desktop\Addition.txt
2015-04-01 23:03 - 2015-04-01 23:04 - 00031718 _____ () C:\Users\Maddäs\Downloads\Addition.txt
2015-04-01 23:02 - 2015-04-02 14:40 - 00016640 _____ () C:\Users\Maddäs\Downloads\FRST.txt
2015-04-01 22:51 - 2015-04-02 14:40 - 00000000 ____D () C:\FRST
2015-04-01 22:48 - 2015-04-01 22:48 - 02095616 _____ (Farbar) C:\Users\Maddäs\Downloads\FRST64.exe
2015-04-01 21:51 - 2015-04-01 21:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-01 21:50 - 2015-04-01 21:50 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Maddäs\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-01 21:27 - 2015-04-01 21:27 - 00003440 _____ () C:\Windows\System32\Tasks\Reimage Reminder
2015-04-01 21:26 - 2015-04-02 14:19 - 00000000 ____D () C:\rei
2015-04-01 21:26 - 2015-04-02 13:24 - 00000000 ____D () C:\Program Files\Reimage
2015-04-01 21:26 - 2015-04-01 21:26 - 00004278 _____ () C:\Windows\System32\Tasks\ReimageUpdater
2015-04-01 19:43 - 2015-04-01 19:43 - 01203488 _____ () C:\Users\Maddäs\Downloads\Firefox - CHIP-Installer(2).exe
2015-04-01 18:46 - 2015-04-02 14:26 - 00000666 _____ () C:\Windows\Tasks\new_game_updating_service.job
2015-04-01 18:46 - 2015-04-01 19:28 - 00000000 ____D () C:\Program Files (x86)\new game
2015-04-01 18:46 - 2015-04-01 18:46 - 00003694 _____ () C:\Windows\System32\Tasks\new_game_updating_service
2015-04-01 18:46 - 2015-04-01 18:46 - 00001012 _____ () C:\Windows\Tasks\V483t6QIzT4Ib7XPH9.job
2015-03-31 10:14 - 2015-03-31 10:14 - 00004387 _____ () C:\Users\Maddäs\AppData\Roaming\V483t6QIzT4Ib7XPH9
2015-03-28 15:29 - 2015-03-28 15:29 - 08843007 _____ () C:\Users\Maddäs\Downloads\Female MMA Fight Jessica Sanchez vs Felice Herrig 2013.mp4
2015-03-28 15:28 - 2015-03-28 15:31 - 317098048 _____ () C:\Users\Maddäs\Downloads\WXC 44 Independence Christianna Daniels vs Lauren Foley Womens MMA.mp4
2015-03-25 20:14 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 20:14 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 20:14 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 20:14 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 20:14 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 20:14 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 20:14 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 20:14 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-23 06:10 - 2015-03-23 06:10 - 12039986 _____ () C:\Users\Maddäs\Downloads\Furious 7 Movie CLIP - Girl Fight (2015) - Vin Diesel, Michelle Rodriquez Movie HD - YouTube.mp4
2015-03-23 05:59 - 2015-03-23 05:59 - 28268463 _____ () C:\Users\Maddäs\Downloads\春山ちえり VS 羽柴まゆみ キャットファイト - YouTube.mp4
2015-03-22 20:41 - 2015-04-01 19:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-11 18:12 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 18:12 - 2015-02-20 06:40 - 00100864 _____ (Microsoft
Corporation) C:\Windows\system32\fontsub.dll 2015-03-11 18:12 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 18:12 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-11 18:12 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-03-11 18:12 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-11 18:12 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-03-11 18:12 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-03-11 18:12 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 18:12 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-11 18:12 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 18:12 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-03-11 18:12 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-11 18:12 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-03-11 18:12 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 
2015-03-11 18:12 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-11 18:12 - 2015-02-03 05:30 - 
00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-11 18:12 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-11 18:12 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-11 18:12 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-11 18:12 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-11 18:12 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-11 18:12 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-03-11 18:12 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-03-11 18:12 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00988160 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-03-11 18:12 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-03-11 18:12 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-11 18:11 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-11 18:11 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-11 18:11 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-11 18:11 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-11 18:11 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-11 18:11 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-11 18:11 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-11 18:11 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\kerberos.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-03-11 18:11 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-03-11 18:11 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-03-11 18:11 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-03-11 18:11 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-03-11 18:11 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-03-11 18:11 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-11 18:11 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 18:11 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 18:11 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-11 18:11 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-11 18:11 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 
2015-03-11 18:11 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-11 18:11 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-11 18:11 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-11 18:11 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-11 18:11 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-11 18:11 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-11 18:11 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-11 18:11 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-11 18:11 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-11 18:11 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-11 18:11 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-11 18:11 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-03-11 18:11 - 2015-02-03 
05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-03-11 18:11 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-03-11 18:11 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-03-11 18:11 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-03-11 18:11 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-03-11 18:11 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-11 18:11 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-11 18:10 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 18:10 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 18:10 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-11 18:10 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 18:10 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-11 18:10 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-11 18:10 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-11 18:10 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-11 18:10 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 18:10 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-11 18:10 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 18:10 - 2015-02-20 05:05 - 00004096 _____ 
(Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-11 18:10 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-11 18:10 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 18:10 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-11 18:10 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 18:10 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-11 18:10 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 18:10 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-11 18:10 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-11 18:10 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-11 18:10 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-11 18:10 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-11 18:10 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 18:10 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-11 18:10 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-11 18:10 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 18:10 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-11 18:10 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-11 18:10 - 
2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-11 18:10 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-11 18:10 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-03-11 18:10 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-11 18:10 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 18:10 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-11 18:10 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-11 18:10 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-11 18:10 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-03-11 18:10 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-03-11 18:10 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-03-11 18:10 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 18:10 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-11 18:10 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-11 18:10 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 18:10 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 18:10 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-03-11 18:10 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-11 18:10 - 
2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 18:10 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 18:10 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 18:10 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 18:10 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 18:10 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 18:10 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 18:10 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 18:10 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 18:10 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 18:10 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 18:10 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 18:10 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 18:10 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 18:10 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 18:10 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 14:33 - 2012-07-07 18:49 - 00000000 ____D () C:\Users\Maddäs
2015-04-02 14:33 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-02 14:33 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-02 14:30 - 2012-02-26 08:15 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2015-04-02 14:30 - 2012-02-26 08:15 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2015-04-02 14:30 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-02 14:29 - 2012-02-25 23:26 - 01201102 _____ () C:\Windows\WindowsUpdate.log
2015-04-02 14:26 - 2013-09-05 05:25 - 00079306 _____ () C:\Windows\setupact.log
2015-04-02 14:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-02 14:05 - 2013-04-19 05:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-02 14:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-02 13:44 - 2013-05-04 15:58 - 00000000 ____D () C:\Users\Maddäs\Tracing
2015-04-02 13:38 - 2014-05-12 22:08 - 00000000 ____D () C:\Users\Maddäs\AppData\Local\Windows Live
2015-04-02 13:35 - 2014-01-29 00:00 - 00001228 _____ () C:\Users\Maddäs\Desktop\Revo Uninstaller.lnk
2015-04-02 13:35 - 2012-09-10 17:49 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-02 06:45 - 2015-03-01 11:41 - 00000000 ____D () C:\Users\Maddäs\Desktop\Schnuckel-Verkauf
2015-04-02 06:43 - 2012-07-14 06:59 - 00000000 ____D () C:\Users\Maddäs\Desktop\Ebay
2015-04-02 06:42 - 2012-07-14 06:58 - 00000000 ____D () C:\Users\Maddäs\Desktop\Spielerunde
2015-04-02 06:34 - 2013-09-12 14:42 - 00203520 _____ () C:\Windows\PFRO.log
2015-04-02 00:54 - 2014-02-25 22:29 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-01 22:16 - 2014-10-13 06:32 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-04-01 22:16 - 2013-05-04 15:57 - 00000000 ____D () C:\Windows\SysWOW64\WNLT
2015-04-01 22:16 - 2013-05-04 15:57 - 00000000 ____D () C:\Windows\SysWOW64\ARFC
2015-04-01 20:56 - 2014-10-17 15:21 - 00000000 ____D () C:\Users\Maddäs\AppData\Local\Adobe
2015-04-01 20:55 - 2013-04-19 05:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-01 20:55 - 2012-07-08 17:31 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-01 20:55 - 2011-10-27 14:12 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-01 20:14 - 2012-09-10 20:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-01 19:47 - 2012-09-10 20:10 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-31 20:12 - 2012-07-14 07:00 - 00000000 ____D () C:\Users\Maddäs\Desktop\Karin
2015-03-26 04:03 - 2014-12-11 03:00 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 04:03 - 2014-05-06 12:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-25 06:02 - 2012-08-22 19:32 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2015-03-24 22:23 - 2014-04-28 14:58 - 00001119 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2015-03-24 22:23 - 2012-08-22 19:32 - 00001069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-03-17 18:34 - 2014-11-04 18:51 - 00000000 ____D () C:\Users\Maddäs\dwhelper
2015-03-15 20:58 - 2014-10-31 14:59 - 00000000 ____D () C:\Users\Maddäs\Desktop\Persönliches
2015-03-15 10:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 06:09 - 2009-07-14 06:45 - 00366120 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 06:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 06:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 23:50 - 2012-08-16 08:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 23:44 - 2013-08-14 08:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 23:37 - 2013-03-21 06:12 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-06 22:22 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\Maddäs\AppData\Roaming\V483t6QIzT4Ib7XPH9
2012-07-09 19:36 - 2012-07-09 19:36 - 0000094 _____ () C:\Users\Maddäs\AppData\Local\fusioncache.dat
2012-07-07 19:10 - 2012-07-07 19:10 - 0017408 _____ () C:\Users\Maddäs\AppData\Local\WebpageIcons.db
2014-11-08 17:10 - 2014-11-08 17:10 - 1096324 _____ () C:\ProgramData\1415456962.bdinstall.bin
2012-02-25 23:39 - 2012-02-25 23:42 - 0015230 _____ () C:\ProgramData\ArcadeDeluxe5.log
2012-09-22 08:11 - 2012-09-22 08:12 - 0000033 _____ () C:\ProgramData\PS.log

Some content of TEMP:
====================
C:\Users\Maddäs\AppData\Local\Temp\ReiSysUpdate.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-25 06:51 ==================== End Of Log ============================ |
02.04.2015, 14:05 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Websites are redirected to advertising Remove adware/junkware/toolbars Delete old versions of adwCleaner and, if present, JRT beforehand, then download them again to the desktop! Please completely disable your antivirus scanner now, before using these tools! Step 1: adwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please shut down your protection software to avoid possible conflicts.
Step 3: Fresh log with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
02.04.2015, 14:56 | #12 |
| Step 1 of 3 Code:
ATTFilter # AdwCleaner v4.200 - Bericht erstellt 02/04/2015 um 15:19:09 # Aktualisiert 29/03/2015 von Xplode # Datenbank : 2015-03-29.1 [Server] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64) # Benutzername : Maddäs - MADDÄS-PC # Gestarted von : C:\Users\Maddäs\Downloads\AdwCleaner_4.200.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : ReimageRealTimeProtector ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\SweetIM Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player Ordner Gelöscht : C:\Program Files (x86)\globalUpdate Ordner Gelöscht : C:\Program Files (x86)\FLV Player Ordner Gelöscht : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4} Ordner Gelöscht : C:\Windows\SysWOW64\ARFC Ordner Gelöscht : C:\Windows\SysWOW64\jmdp Ordner Gelöscht : C:\Windows\SysWOW64\WNLT Ordner Gelöscht : C:\Program Files\Reimage Ordner Gelöscht : C:\Windows\System32\ljkb Ordner Gelöscht : C:\Users\Maddäs\AppData\Local\globalUpdate Ordner Gelöscht : C:\Users\Maddäs\AppData\Roaming\pdfforge Datei Gelöscht : C:\Windows\System32\dmwu.exe Datei Gelöscht : C:\Windows\System32\ImhxxpComm.dll Datei Gelöscht : C:\Users\Maddäs\AppData\LocalLow\SkwConfig.bin Datei Gelöscht : C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547\foxydeal.sqlite Datei Gelöscht : C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547\invalidprefs.js ***** [ Geplante Tasks ] ***** Task Gelöscht : Reimage Reminder Task Gelöscht : ReimageUpdater ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546} Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Schlüssel Gelöscht : HKCU\Software\GlobalUpdate Schlüssel Gelöscht : HKCU\Software\IM Schlüssel Gelöscht : HKCU\Software\ImInstaller Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Reimage Schlüssel Gelöscht : HKCU\Software\Appscion Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions Schlüssel 
Gelöscht : [x64] HKLM\SOFTWARE\Reimage Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC Schlüssel Gelöscht 
: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734 Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632 Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17689 -\\ Mozilla Firefox v37.0 (x86 de) ************************* AdwCleaner[R0].txt - [15475 Bytes] - [02/04/2015 15:17:30] AdwCleaner[S0].txt - [14594 Bytes] - [02/04/2015 15:19:09] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14654 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.5.1 (04.02.2015:1) OS: Windows 7 Home Premium x64 Ran by Madd„s on 02.04.2015 at 15:33:07,59 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully stopped: [Service] reimagerealtimeprotector Successfully deleted: [Service] reimagerealtimeprotector ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3A2D5EBA-F86D-4BD3-A177-019765996711} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\flexnet" Successfully deleted: [Empty Folder] C:\Users\Madd„s\appdata\local\{0AE97E4A-7B7B-432A-8636-A113EA2ED12B} Successfully deleted: [Empty Folder] C:\Users\Madd„s\appdata\local\{1270E5BA-FE0F-4CDB-B19F-9543BC300420} Successfully deleted: [Empty Folder] C:\Users\Madd„s\appdata\local\{55C30DD2-8D07-4652-8898-3FD3DDCE0954} Successfully deleted: [Empty Folder] C:\Users\Madd„s\appdata\local\{6F4D2622-D730-45AF-97F4-D109AC306E8B} Successfully deleted: [Empty Folder] 
C:\Users\Madd„s\appdata\local\{749705EA-3620-44E0-BA9E-FF861ECCF546} Successfully deleted: [Empty Folder] C:\Users\Madd„s\appdata\local\{763E5B01-7042-4176-9418-F816E38B812E} Successfully deleted: [Empty Folder] C:\Users\Madd„s\appdata\local\{BC391E73-4B56-4B1B-ADBF-4F861CBC7629} Successfully deleted: [Empty Folder] C:\Users\Madd„s\appdata\local\{D3B111E3-CE89-42FB-8112-4778CC0720B0} Successfully deleted: [Empty Folder] C:\Users\Madd„s\appdata\local\{D517B05F-8199-4822-AC5F-5334B3276D1A} ~~~ FireFox Emptied folder: C:\Users\Madd„s\AppData\Roaming\mozilla\firefox\profiles\gd8a7h2s.default-1384791945547\minidumps [150 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 02.04.2015 at 15:38:38,80 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Maddäs (administrator) on MADDÄS-PC on 02-04-2015 15:46:21 Running from C:\Users\Maddäs\Downloads Loaded Profiles: Maddäs (Available profiles: Maddäs) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Dritek System Inc.) 
C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe (Dritek System Inc.) 
C:\Program Files (x86)\Launch Manager\LMworker.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2723624 2011-03-28] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor) HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1689576 2015-02-24] (Bitdefender) HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.) 
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.) HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] () HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-1050519430-933015278-2871175751-1001\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-02-24] (Bitdefender) HKU\S-1-5-21-1050519430-933015278-2871175751-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [456224 2010-07-29] () HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. 
ProxyServer: [.DEFAULT] => http=127.0.0.1:51411;https=127.0.0.1:51411
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1050519430-933015278-2871175751-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-24] (Bitdefender)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll [2013-04-08] (pdfforge GmbH)
Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-24] (Bitdefender)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547
FF Homepage: www.spielbox.de
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-01] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-01] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-05-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: 551f29203c1911e1b86c0800200c9a66jetpack - C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547\Extensions\551f2920-3c19-11e1-b86c-0800200c9a66@jetpack [2015-04-01]
FF Extension: NetVideoHunter - C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547\Extensions\netvideohunter@netvideohunter.com [2015-03-04]
FF Extension: new game - C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547\Extensions\QqftOZ@gmail.com [2015-04-01]
FF Extension: ProxTube - C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547\Extensions\ich@maltegoetz.de.xpi [2014-09-30]
FF Extension: Video DownloadHelper - C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-15]
FF Extension: Adblock Plus - C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-11]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-11-08]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-03-26]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-11-08]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2015-01-20] (Bitdefender)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-11-24] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-02-24] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-02-24] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [262544 2015-02-24] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-02-24] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2015-02-24] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-02-24] (BitDefender SRL)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [155912 2015-01-20] (BitDefender LLC)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-11-24] (BitDefender S.R.L.)
S3 cpuz134; \??\C:\Users\MADDS~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 15:38 - 2015-04-02 15:38 - 00002933 _____ () C:\Users\Maddäs\Desktop\JRT.txt
2015-04-02 15:33 - 2015-04-02 15:33 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MADDÄS-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-02 15:33 - 2015-04-02 15:33 - 00000000 ____D () C:\RegBackup
2015-04-02 15:32 - 2015-04-02 15:32 - 02690981 _____ (Thisisu) C:\Users\Maddäs\Downloads\JRT.exe
2015-04-02 15:27 - 2015-04-02 15:27 - 00014931 _____ () C:\Users\Maddäs\Desktop\AdwCleaner[S0].txt
2015-04-02 15:25 - 2015-04-02 15:26 - 00262144 _____ () C:\Windows\Minidump\040215-18548-01.dmp
2015-04-02 15:17 - 2015-04-02 15:19 - 00000000 ____D () C:\AdwCleaner
2015-04-02 15:16 - 2015-04-02 15:16 - 02208768 _____ () C:\Users\Maddäs\Downloads\AdwCleaner_4.200.exe
2015-04-02 14:33 - 2015-04-02 14:33 - 00000246 _____ () C:\Users\Maddäs\Downloads\defogger_enable.log
2015-04-02 13:27 - 2015-04-02 13:27 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Maddäs\Downloads\revosetup95.exe
2015-04-01 23:42 - 2015-04-01 23:42 - 00000476 _____ () C:\Users\Maddäs\Desktop\defogger_disable.txt
2015-04-01 23:41 - 2015-04-02 14:32 - 00000474 _____ () C:\Users\Maddäs\Downloads\defogger_disable.log
2015-04-01 23:40 - 2015-04-01 23:40 - 00050477 _____ () C:\Users\Maddäs\Downloads\Defogger.exe
2015-04-01 23:38 - 2015-04-02 15:10 - 01037792 _____ () C:\Users\Maddäs\Desktop\Gmer.txt
2015-04-01 23:26 - 2015-04-01 23:26 - 00380416 _____ () C:\Users\Maddäs\Downloads\Gmer-19357.exe
2015-04-01 23:16 - 2015-04-01 23:16 - 00050345 _____ () C:\Users\Maddäs\Desktop\FRST.txt
2015-04-01 23:16 - 2015-04-01 23:16 - 00031718 _____ () C:\Users\Maddäs\Desktop\Addition.txt
2015-04-01 23:03 - 2015-04-02 14:49 - 00028363 _____ () C:\Users\Maddäs\Downloads\Addition.txt
2015-04-01 23:02 - 2015-04-02 15:46 - 00015686 _____ () C:\Users\Maddäs\Downloads\FRST.txt
2015-04-01 22:51 - 2015-04-02 15:46 - 00000000 ____D () C:\FRST
2015-04-01 22:48 - 2015-04-01 22:48 - 02095616 _____ (Farbar) C:\Users\Maddäs\Downloads\FRST64.exe
2015-04-01 21:51 - 2015-04-01 21:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-01 21:50 - 2015-04-01 21:50 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Maddäs\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-01 21:26 - 2015-04-02 14:19 - 00000000 ____D () C:\rei
2015-04-01 19:43 - 2015-04-01 19:43 - 01203488 _____ () C:\Users\Maddäs\Downloads\Firefox - CHIP-Installer(2).exe
2015-04-01 18:46 - 2015-04-02 15:27 - 00000666 _____ () C:\Windows\Tasks\new_game_updating_service.job
2015-04-01 18:46 - 2015-04-01 19:28 - 00000000 ____D () C:\Program Files (x86)\new game
2015-04-01 18:46 - 2015-04-01 18:46 - 00003694 _____ () C:\Windows\System32\Tasks\new_game_updating_service
2015-04-01 18:46 - 2015-04-01 18:46 - 00001012 _____ () C:\Windows\Tasks\V483t6QIzT4Ib7XPH9.job
2015-03-31 10:14 - 2015-03-31 10:14 - 00004387 _____ () C:\Users\Maddäs\AppData\Roaming\V483t6QIzT4Ib7XPH9
2015-03-28 15:29 - 2015-03-28 15:29 - 08843007 _____ () C:\Users\Maddäs\Downloads\Female MMA Fight Jessica Sanchez vs Felice Herrig 2013.mp4
2015-03-28 15:28 - 2015-03-28 15:31 - 317098048 _____ () C:\Users\Maddäs\Downloads\WXC 44 Independence Christianna Daniels vs Lauren Foley Womens MMA.mp4
2015-03-25 20:14 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 20:14 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 20:14 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 20:14 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 20:14 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 20:14 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 20:14 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 20:14 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-23 06:10 - 2015-03-23 06:10 - 12039986 _____ () C:\Users\Maddäs\Downloads\Furious 7 Movie CLIP - Girl Fight (2015) - Vin Diesel, Michelle Rodriquez Movie HD - YouTube.mp4
2015-03-23 05:59 - 2015-03-23 05:59 - 28268463 _____ () C:\Users\Maddäs\Downloads\春山ちえり VS 羽柴まゆみ キャットファイト - YouTube.mp4
2015-03-22 20:41 - 2015-04-01 19:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-11 18:12 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 18:12 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 18:12 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 18:12 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 18:12 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 18:12 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 18:12 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 18:12 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 18:12 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 18:12 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 18:12 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 18:12 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 18:12 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 18:12 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 18:12
- 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00842240 _____ (Microsoft 
Corporation) C:\Windows\system32\blackbox.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-11 18:12 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-11 18:12 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-11 18:12 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-11 18:12 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-11 18:12 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-11 18:12 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-11 18:12 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-03-11 18:12 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ntoskrnl.exe 2015-03-11 18:12 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-03-11 
18:12 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-03-11 18:12 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-03-11 18:12 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-11 18:11 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-11 18:11 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-11 18:11 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-11 18:11 - 2015-03-06 
07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-11 18:11 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-11 18:11 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-11 18:11 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-11 18:11 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-03-11 18:11 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-03-11 18:11 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-03-11 18:11 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-03-11 18:11 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-03-11 18:11 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-03-11 18:11 - 2015-02-13 07:26 - 12875264 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-11 18:11 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 18:11 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 18:11 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-11 18:11 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-11 18:11 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-11 18:11 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-11 18:11 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-11 18:11 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-11 18:11 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-11 18:11 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-11 18:11 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-11 18:11 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-11 18:11 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-11 18:11 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-11 18:11 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-11 18:11 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-11 18:11 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\AudioSes.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-03-11 18:11 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-03-11 18:11 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-03-11 18:11 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-03-11 18:11 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-03-11 18:11 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-03-11 18:11 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-11 18:11 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-11 18:10 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 18:10 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 18:10 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-11 18:10 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 18:10 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-11 18:10 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 
2015-03-11 18:10 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-11 18:10 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-11 18:10 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 18:10 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-11 18:10 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 18:10 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-11 18:10 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-11 18:10 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 18:10 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-11 18:10 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 18:10 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-11 18:10 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 18:10 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-11 18:10 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-11 18:10 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-11 18:10 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-11 18:10 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-11 18:10 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 
2015-03-11 18:10 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-11 18:10 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-11 18:10 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 18:10 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-11 18:10 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-11 18:10 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-11 18:10 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-11 18:10 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-03-11 18:10 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-11 18:10 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 18:10 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-11 18:10 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-11 18:10 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-11 18:10 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-03-11 18:10 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-03-11 18:10 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-03-11 18:10 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 18:10 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) 
C:\Windows\system32\ie4uinit.exe 2015-03-11 18:10 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-11 18:10 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 18:10 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 18:10 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-03-11 18:10 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-11 18:10 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-11 18:10 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 18:10 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-11 18:10 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-11 18:10 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-03-11 18:10 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 18:10 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-11 18:10 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-11 18:10 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-11 18:10 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-11 18:10 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 18:10 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-11 18:10 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) 
C:\Windows\system32\WindowsCodecs.dll
2015-03-11 18:10 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 18:10 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 18:10 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 15:34 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-02 15:34 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-02 15:33 - 2012-02-26 08:15 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2015-04-02 15:33 - 2012-02-26 08:15 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2015-04-02 15:33 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-02 15:26 - 2013-09-05 05:25 - 00079362 _____ () C:\Windows\setupact.log
2015-04-02 15:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-02 15:25 - 2013-09-12 14:47 - 436452031 _____ () C:\Windows\MEMORY.DMP
2015-04-02 15:25 - 2013-09-12 14:47 - 00000000 ____D () C:\Windows\Minidump
2015-04-02 15:19 - 2012-02-25 23:26 - 01215412 _____ () C:\Windows\WindowsUpdate.log
2015-04-02 15:05 - 2013-04-19 05:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-02 14:33 - 2012-07-07 18:49 - 00000000 ____D () C:\Users\Maddäs
2015-04-02 14:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-02 13:44 - 2013-05-04 15:58 - 00000000 ____D () C:\Users\Maddäs\Tracing
2015-04-02 13:38 - 2014-05-12 22:08 - 00000000 ____D () C:\Users\Maddäs\AppData\Local\Windows Live
2015-04-02 13:35 - 2014-01-29 00:00 - 00001228 _____ () C:\Users\Maddäs\Desktop\Revo Uninstaller.lnk
2015-04-02 13:35 - 2012-09-10 17:49 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-02 06:45 - 2015-03-01 11:41 - 00000000 ____D () C:\Users\Maddäs\Desktop\Schnuckel-Verkauf
2015-04-02 06:43 - 2012-07-14 06:59 - 00000000 ____D () C:\Users\Maddäs\Desktop\Ebay
2015-04-02 06:42 - 2012-07-14 06:58 - 00000000 ____D () C:\Users\Maddäs\Desktop\Spielerunde
2015-04-02 06:34 - 2013-09-12 14:42 - 00203520 _____ () C:\Windows\PFRO.log
2015-04-02 00:54 - 2014-02-25 22:29 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-01 20:56 - 2014-10-17 15:21 - 00000000 ____D () C:\Users\Maddäs\AppData\Local\Adobe
2015-04-01 20:55 - 2013-04-19 05:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-01 20:55 - 2012-07-08 17:31 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-01 20:55 - 2011-10-27 14:12 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-01 20:14 - 2012-09-10 20:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-01 19:47 - 2012-09-10 20:10 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-31 20:12 - 2012-07-14 07:00 - 00000000 ____D () C:\Users\Maddäs\Desktop\Karin
2015-03-26 04:03 - 2014-12-11 03:00 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 04:03 - 2014-05-06 12:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-25 06:02 - 2012-08-22 19:32 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2015-03-24 22:23 - 2014-04-28 14:58 - 00001119 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2015-03-24 22:23 - 2012-08-22 19:32 - 00001069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-03-17 18:34 - 2014-11-04 18:51 - 00000000 ____D () C:\Users\Maddäs\dwhelper
2015-03-15 20:58 - 2014-10-31 14:59 - 00000000 ____D () C:\Users\Maddäs\Desktop\Persönliches
2015-03-15 10:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 06:09 - 2009-07-14 06:45 - 00366120 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 06:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 06:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 23:50 - 2012-08-16 08:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 23:44 - 2013-08-14 08:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 23:37 - 2013-03-21 06:12 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-06 22:22 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\Maddäs\AppData\Roaming\V483t6QIzT4Ib7XPH9
2012-07-09 19:36 - 2012-07-09 19:36 - 0000094 _____ () C:\Users\Maddäs\AppData\Local\fusioncache.dat
2012-07-07 19:10 - 2012-07-07 19:10 - 0017408 _____ () C:\Users\Maddäs\AppData\Local\WebpageIcons.db
2014-11-08 17:10 - 2014-11-08 17:10 - 1096324 _____ () C:\ProgramData\1415456962.bdinstall.bin
2012-02-25 23:39 - 2012-02-25 23:42 - 0015230 _____ () C:\ProgramData\ArcadeDeluxe5.log
2012-09-22 08:11 - 2012-09-22 08:12 - 0000033 _____ () C:\ProgramData\PS.log

Some content of TEMP:
====================
C:\Users\Maddäs\AppData\Local\Temp\Quarantine.exe
C:\Users\Maddäs\AppData\Local\Temp\ReiSysUpdate.exe
C:\Users\Maddäs\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-25 06:51 ==================== End Of Log ============================ --- --- --- |
02.04.2015, 15:16 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Websites are redirected to advertising Please also create a new Addition.txt: start FRST, tick the box next to Addition.txt, then click Scan.
__________________ Please always post log files in CODE tags |
02.04.2015, 17:48 | #14 |
| Oops, here you go! Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by Maddäs at 2015-04-02 18:45:48 Running from C:\Users\Maddäs\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D} AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation) Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0530.2011 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) 
(Version: 3.0 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.) Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland) Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation) Bitdefender Internet Security 2015 (HKLM\...\Bitdefender) (Version: 18.17.0.1227 - Bitdefender) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Brother MFL-Pro Suite DCP-195C (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 2.0.0.0 - Brother Industries, Ltd.) CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP) clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated) ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper) Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.) 
FLV Player 2.0 (build 25) (HKLM-x32\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan) Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 
9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 37.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0 (x86 de)) (Version: 37.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) 
Hidden MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.) newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9002 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org) PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.) PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge) Photomatix Pro version 4.0.2 (HKLM-x32\...\PhotomatixPro4.0x32_is1) (Version: 4.0.2 - HDRsoft Sarl) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) 
Hidden SweetIM for Messenger 3.7 (x32 Version: 3.7.0007 - SweetIM Technologies Ltd.) Hidden <==== ATTENTION Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.17.5 - Synaptics Incorporated) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 05-03-2015 20:32:04 Geplanter Prüfpunkt 11-03-2015 23:33:40 Windows Update 19-03-2015 23:48:18 Geplanter Prüfpunkt 25-03-2015 21:24:30 Windows Update 01-04-2015 19:51:42 Revo Uninstaller's restore point - Adobe Flash Player 17 NPAPI 01-04-2015 19:54:55 Revo Uninstaller's restore point - Adobe Flash Player 16 ActiveX 01-04-2015 19:59:32 Windows Update 01-04-2015 20:26:43 Windows Update 01-04-2015 22:21:52 Revo Uninstaller's restore point - Malwarebytes Anti-Malware Version 2.1.4.1018 02-04-2015 13:47:44 Revo Uninstaller's restore point - Windows Live Essentials 02-04-2015 13:53:32 Windows Live Essentials ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {08D16BC6-2B4C-4DE2-8C48-5EA26DDDBC9E} - System32\Tasks\new_game_updating_service => C:\Program Files (x86)\new game\new_game_updating_service.exe [2015-04-02] () Task: {3D3057BA-82BA-4227-A985-98C4847EB91C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {4EF3FA61-6E01-4D25-98D5-0434373E5C3C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {78CBDA9A-4B07-4400-B7D5-7AF1D37750B2} - \new_game_notification_service No Task File <==== ATTENTION Task: {86063057-714F-49BA-890D-35D6CA58F967} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-29] (Egis Technology Inc.) Task: {B0414489-3A0B-4943-8AD9-9B629BB5C3A8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd) Task: {B7923AFF-F1B6-4C53-85D7-191AABC14559} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-29] (Egis Technology Inc.) 
Task: {FCBADC99-BB74-4424-A548-BBD88CB3F5F5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-01] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\new_game_updating_service.job => C:\Program Files (x86)\new game\new_game_updating_service.exe© /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=new_game_updating_service /funurl=http:/stats.buildomserv.com Task: C:\Windows\Tasks\V483t6QIzT4Ib7XPH9.job => C:\Users\Maddýÿs\AppData\Roaming\V483t6QIzT4Ib7XPH9.exe ==================== Loaded Modules (whitelisted) ============== 2014-11-08 16:56 - 2014-08-27 17:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll 2014-11-08 16:56 - 2013-09-03 15:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll 2014-11-08 16:56 - 2014-10-15 13:08 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui 2014-11-08 16:56 - 2012-10-29 15:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll 2015-04-02 14:13 - 2015-04-02 14:13 - 00785736 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00150_003\ashttpbr.mdl 2015-04-02 14:13 - 2015-04-02 14:13 - 00706408 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00150_003\ashttpdsp.mdl 2015-04-02 14:13 - 2015-04-02 14:13 - 02681448 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00150_003\ashttpph.mdl 2015-04-02 14:13 - 2015-04-02 14:13 - 01324432 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00150_003\ashttprbl.mdl 2011-10-27 14:06 - 2011-08-09 01:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-01-12 17:43 - 2012-09-25 12:26 - 01163264 ____N () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe 2015-01-20 17:53 - 
2015-02-24 19:24 - 00471056 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdidntconp.dll 2015-01-20 17:52 - 2015-02-24 19:25 - 00188416 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\ui\bdidntconp.ui 2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2011-04-24 03:29 - 2011-04-24 03:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2011-04-24 03:29 - 2011-04-24 03:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2011-04-24 03:29 - 2011-04-24 03:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll 2014-01-12 17:41 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2015-04-01 20:55 - 2015-04-01 20:55 - 16858288 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
AlternateDataStreams: C:\Users\Maddäs\Downloads\AdwCleaner_4.200.exe:BDU AlternateDataStreams: C:\Users\Maddäs\Downloads\ConvertHelperSetup.exe:BDU AlternateDataStreams: C:\Users\Maddäs\Downloads\Defogger.exe:BDU AlternateDataStreams: C:\Users\Maddäs\Downloads\driverscanner.exe:BDU AlternateDataStreams: C:\Users\Maddäs\Downloads\Firefox - CHIP-Installer(2).exe:BDU AlternateDataStreams: C:\Users\Maddäs\Downloads\FRST64.exe:BDU AlternateDataStreams: C:\Users\Maddäs\Downloads\Gmer-19357.exe:BDU AlternateDataStreams: C:\Users\Maddäs\Downloads\JRT.exe:BDU AlternateDataStreams: C:\Users\Maddäs\Downloads\mbam-setup-2.1.4.1018.exe:BDU AlternateDataStreams: C:\Users\Maddäs\Downloads\PDFCreator-1_7_2_setup.exe:BDU AlternateDataStreams: C:\Users\Maddäs\Downloads\revosetup95.exe:BDU ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1050519430-933015278-2871175751-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Maddäs\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: AxInstSV => 3 MSCONFIG\Services: BBSvc => 3 MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe ==================== Accounts: ============================= Administrator (S-1-5-21-1050519430-933015278-2871175751-500 - Administrator - Disabled) Gast (S-1-5-21-1050519430-933015278-2871175751-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1050519430-933015278-2871175751-1002 - Limited - Enabled) Maddäs (S-1-5-21-1050519430-933015278-2871175751-1001 - Administrator - Enabled) => C:\Users\Maddäs ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/02/2015 06:36:34 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Microsoft Office Sessions: ========================= Error: (04/02/2015 06:36:34 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz Percentage of memory in use: 82% Total physical RAM: 3764.86 MB Available physical RAM: 665.84 MB Total Pagefile: 7527.91 MB Available Pagefile: 4086.55 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:284.49 GB) (Free:86.5 GB) NTFS Drive j: () (Removable) (Total:0.47 GB) (Free:0.45 GB) FAT ==================== MBR & Partition Table ================== 
======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2B7B485D) Partition 1: (Not Active) - (Size=13.5 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=284.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 483.9 MB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Maddäs (administrator) on MADDÄS-PC on 02-04-2015 18:41:12 Running from C:\Users\Maddäs\Downloads Loaded Profiles: Maddäs (Available profiles: Maddäs) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Dritek System Inc.) 
C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2723624 2011-03-28] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor) HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1689576 2015-02-24] (Bitdefender) HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.) HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) 
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1050519430-933015278-2871175751-1001\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-02-24] (Bitdefender)
HKU\S-1-5-21-1050519430-933015278-2871175751-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [456224 2010-07-29] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51411;https=127.0.0.1:51411
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1050519430-933015278-2871175751-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-24] (Bitdefender)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll [2013-04-08] (pdfforge GmbH)
Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-24] (Bitdefender)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox: ========
FF ProfilePath: C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547
FF Homepage: www.spielbox.de
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-01] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-01] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-05-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: 551f29203c1911e1b86c0800200c9a66jetpack - C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547\Extensions\551f2920-3c19-11e1-b86c-0800200c9a66@jetpack [2015-04-01]
FF Extension: NetVideoHunter - C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547\Extensions\netvideohunter@netvideohunter.com [2015-03-04]
FF Extension: new game - C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547\Extensions\QqftOZ@gmail.com [2015-04-01]
FF Extension: ProxTube - C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547\Extensions\ich@maltegoetz.de.xpi [2014-09-30]
FF Extension: Video DownloadHelper - C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-15]
FF Extension: Adblock Plus - C:\Users\Maddäs\AppData\Roaming\Mozilla\Firefox\Profiles\gd8a7h2s.default-1384791945547\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-11]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-11-08]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-03-26]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-11-08]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome: =======
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2015-01-20] (Bitdefender)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-11-24] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-02-24] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-02-24] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [262544 2015-02-24] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-02-24] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2015-02-24] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-02-24] (BitDefender SRL)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [155912 2015-01-20] (BitDefender LLC)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-11-24] (BitDefender S.R.L.)
S3 cpuz134; \??\C:\Users\MADDS~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 15:38 - 2015-04-02 15:38 - 00002933 _____ () C:\Users\Maddäs\Desktop\JRT.txt
2015-04-02 15:33 - 2015-04-02 15:33 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MADDÄS-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-02 15:33 - 2015-04-02 15:33 - 00000000 ____D () C:\RegBackup
2015-04-02 15:32 - 2015-04-02 15:32 - 02690981 _____ (Thisisu) C:\Users\Maddäs\Downloads\JRT.exe
2015-04-02 15:27 - 2015-04-02 15:27 - 00014931 _____ () C:\Users\Maddäs\Desktop\AdwCleaner[S0].txt
2015-04-02 15:25 - 2015-04-02 15:26 - 00262144 _____ () C:\Windows\Minidump\040215-18548-01.dmp
2015-04-02 15:17 - 2015-04-02 15:19 - 00000000 ____D () C:\AdwCleaner
2015-04-02 15:16 - 2015-04-02 15:16 - 02208768 _____ () C:\Users\Maddäs\Downloads\AdwCleaner_4.200.exe
2015-04-02 14:33 - 2015-04-02 14:33 - 00000246 _____ () C:\Users\Maddäs\Downloads\defogger_enable.log
2015-04-02 13:27 - 2015-04-02 13:27 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Maddäs\Downloads\revosetup95.exe
2015-04-01 23:42 - 2015-04-01 23:42 - 00000476 _____ () C:\Users\Maddäs\Desktop\defogger_disable.txt
2015-04-01 23:41 - 2015-04-02 14:32 - 00000474 _____ () C:\Users\Maddäs\Downloads\defogger_disable.log
2015-04-01 23:40 - 2015-04-01 23:40 - 00050477 _____ () C:\Users\Maddäs\Downloads\Defogger.exe
2015-04-01 23:38 - 2015-04-02 15:10 - 01037792 _____ () C:\Users\Maddäs\Desktop\Gmer.txt
2015-04-01 23:26 - 2015-04-01 23:26 - 00380416 _____ () C:\Users\Maddäs\Downloads\Gmer-19357.exe
2015-04-01 23:16 - 2015-04-02 15:47 - 00048767 _____ () C:\Users\Maddäs\Desktop\FRST.txt
2015-04-01 23:16 - 2015-04-01 23:16 - 00031718 _____ () C:\Users\Maddäs\Desktop\Addition.txt
2015-04-01 23:03 - 2015-04-02 15:49 - 00019112 _____ () C:\Users\Maddäs\Downloads\Addition.txt
2015-04-01 23:02 - 2015-04-02 18:43 - 00015688 _____ () C:\Users\Maddäs\Downloads\FRST.txt
2015-04-01 22:51 - 2015-04-02 18:41 - 00000000 ____D () C:\FRST
2015-04-01 22:48 - 2015-04-01 22:48 - 02095616 _____ (Farbar) C:\Users\Maddäs\Downloads\FRST64.exe
2015-04-01 21:51 - 2015-04-01 21:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-01 21:50 - 2015-04-01 21:50 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Maddäs\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-01 21:26 - 2015-04-02 14:19 - 00000000 ____D () C:\rei
2015-04-01 19:43 - 2015-04-01 19:43 - 01203488 _____ () C:\Users\Maddäs\Downloads\Firefox - CHIP-Installer(2).exe
2015-04-01 18:46 - 2015-04-02 18:36 - 00000666 _____ () C:\Windows\Tasks\new_game_updating_service.job
2015-04-01 18:46 - 2015-04-01 19:28 - 00000000 ____D () C:\Program Files (x86)\new game
2015-04-01 18:46 - 2015-04-01 18:46 - 00003694 _____ () C:\Windows\System32\Tasks\new_game_updating_service
2015-04-01 18:46 - 2015-04-01 18:46 - 00001012 _____ () C:\Windows\Tasks\V483t6QIzT4Ib7XPH9.job
2015-03-31 10:14 - 2015-03-31 10:14 - 00004387 _____ () C:\Users\Maddäs\AppData\Roaming\V483t6QIzT4Ib7XPH9
2015-03-28 15:29 - 2015-03-28 15:29 - 08843007 _____ () C:\Users\Maddäs\Downloads\Female MMA Fight Jessica Sanchez vs Felice Herrig 2013.mp4
2015-03-28 15:28 - 2015-03-28 15:31 - 317098048 _____ () C:\Users\Maddäs\Downloads\WXC 44 Independence Christianna Daniels vs Lauren Foley Womens MMA.mp4
2015-03-25 20:14 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 20:14 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 20:14 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 20:14 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 20:14 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 20:14 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 20:14 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 20:14 - 2015-03-11 06:02 - 
01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-03-23 06:10 - 2015-03-23 06:10 - 12039986 _____ () C:\Users\Maddäs\Downloads\Furious 7 Movie CLIP - Girl Fight (2015) - Vin Diesel, Michelle Rodriquez Movie HD - YouTube.mp4 2015-03-23 05:59 - 2015-03-23 05:59 - 28268463 _____ () C:\Users\Maddäs\Downloads\春山ちえり VS 羽柴まゆみ キャットファイト - YouTube.mp4 2015-03-22 20:41 - 2015-04-01 19:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-11 18:12 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-11 18:12 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-11 18:12 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 18:12 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-11 18:12 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-03-11 18:12 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-11 18:12 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-03-11 18:12 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-03-11 18:12 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 18:12 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-11 18:12 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 18:12 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-03-11 18:12 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-11 18:12 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-03-11 18:12 
- 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-11 18:12 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00842240 _____ (Microsoft 
Corporation) C:\Windows\system32\blackbox.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-11 18:12 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-11 18:12 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-11 18:12 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-11 18:12 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-11 18:12 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-11 18:12 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-11 18:12 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-11 18:12 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-03-11 18:12 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ntoskrnl.exe 2015-03-11 18:12 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-03-11 
18:12 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2015-03-11 18:12 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-03-11 18:12 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-03-11 18:12 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-11 18:11 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-11 18:11 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-11 18:11 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-11 18:11 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-11 18:11 - 2015-03-06 
07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-11 18:11 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-11 18:11 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-11 18:11 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-11 18:11 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-03-11 18:11 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-03-11 18:11 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-03-11 18:11 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-03-11 18:11 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-03-11 18:11 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-03-11 18:11 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-03-11 18:11 - 2015-02-13 07:26 - 12875264 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-11 18:11 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 18:11 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 18:11 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-11 18:11 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-11 18:11 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-11 18:11 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-11 18:11 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-11 18:11 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-11 18:11 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-11 18:11 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-11 18:11 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-11 18:11 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-11 18:11 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-11 18:11 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-11 18:11 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-11 18:11 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-11 18:11 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\AudioSes.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-03-11 18:11 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-03-11 18:11 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-03-11 18:11 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-03-11 18:11 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-03-11 18:11 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-03-11 18:11 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-03-11 18:11 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-11 18:11 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-11 18:10 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 18:10 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 18:10 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-11 18:10 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 18:10 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-11 18:10 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 
2015-03-11 18:10 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-11 18:10 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-11 18:10 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 18:10 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-11 18:10 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 18:10 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-11 18:10 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-11 18:10 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 18:10 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-11 18:10 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 18:10 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-11 18:10 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 18:10 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-11 18:10 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-11 18:10 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-11 18:10 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-11 18:10 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-11 18:10 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 
2015-03-11 18:10 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 18:10 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 18:10 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 18:10 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 18:10 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 18:10 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 18:10 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 18:10 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 18:10 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 18:10 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 18:10 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 18:10 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 18:10 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 18:10 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 18:10 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 18:10 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 18:10 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 18:10 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 18:10 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 18:10 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 18:10 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 18:10 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 18:10 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 18:10 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 18:10 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 18:10 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 18:10 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 18:10 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 18:10 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 18:10 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 18:10 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 18:10 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 18:10 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 18:10 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 18:10 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 18:10 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 18:10 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 18:10 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 18:10 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 18:43 - 2012-02-25 23:26 - 01221377 _____ () C:\Windows\WindowsUpdate.log
2015-04-02 18:42 - 2012-02-26 08:15 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2015-04-02 18:42 - 2012-02-26 08:15 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2015-04-02 18:42 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-02 18:36 - 2013-09-05 05:25 - 00079418 _____ () C:\Windows\setupact.log
2015-04-02 18:36 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-02 15:34 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-02 15:34 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-02 15:25 - 2013-09-12 14:47 - 436452031 _____ () C:\Windows\MEMORY.DMP
2015-04-02 15:25 - 2013-09-12 14:47 - 00000000 ____D () C:\Windows\Minidump
2015-04-02 15:05 - 2013-04-19 05:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-02 14:33 - 2012-07-07 18:49 - 00000000 ____D () C:\Users\Maddäs
2015-04-02 14:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-02 13:44 - 2013-05-04 15:58 - 00000000 ____D () C:\Users\Maddäs\Tracing
2015-04-02 13:38 - 2014-05-12 22:08 - 00000000 ____D () C:\Users\Maddäs\AppData\Local\Windows Live
2015-04-02 13:35 - 2014-01-29 00:00 - 00001228 _____ () C:\Users\Maddäs\Desktop\Revo Uninstaller.lnk
2015-04-02 13:35 - 2012-09-10 17:49 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-02 06:45 - 2015-03-01 11:41 - 00000000 ____D () C:\Users\Maddäs\Desktop\Schnuckel-Verkauf
2015-04-02 06:43 - 2012-07-14 06:59 - 00000000 ____D () C:\Users\Maddäs\Desktop\Ebay
2015-04-02 06:42 - 2012-07-14 06:58 - 00000000 ____D () C:\Users\Maddäs\Desktop\Spielerunde
2015-04-02 06:34 - 2013-09-12 14:42 - 00203520 _____ () C:\Windows\PFRO.log
2015-04-02 00:54 - 2014-02-25 22:29 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-01 20:56 - 2014-10-17 15:21 - 00000000 ____D () C:\Users\Maddäs\AppData\Local\Adobe
2015-04-01 20:55 - 2013-04-19 05:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-01 20:55 - 2012-07-08 17:31 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-01 20:55 - 2011-10-27 14:12 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-01 20:14 - 2012-09-10 20:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-01 19:47 - 2012-09-10 20:10 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-31 20:12 - 2012-07-14 07:00 - 00000000 ____D () C:\Users\Maddäs\Desktop\Karin
2015-03-26 04:03 - 2014-12-11 03:00 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 04:03 - 2014-05-06 12:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-25 06:02 - 2012-08-22 19:32 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2015-03-24 22:23 - 2014-04-28 14:58 - 00001119 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2015-03-24 22:23 - 2012-08-22 19:32 - 00001069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-03-17 18:34 - 2014-11-04 18:51 - 00000000 ____D () C:\Users\Maddäs\dwhelper
2015-03-15 20:58 - 2014-10-31 14:59 - 00000000 ____D () C:\Users\Maddäs\Desktop\Persönliches
2015-03-15 10:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 06:09 - 2009-07-14 06:45 - 00366120 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 06:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 06:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 23:50 - 2012-08-16 08:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 23:44 - 2013-08-14 08:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 23:37 - 2013-03-21 06:12 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-06 22:22 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\Maddäs\AppData\Roaming\V483t6QIzT4Ib7XPH9
2012-07-09 19:36 - 2012-07-09 19:36 - 0000094 _____ () C:\Users\Maddäs\AppData\Local\fusioncache.dat
2012-07-07 19:10 - 2012-07-07 19:10 - 0017408 _____ () C:\Users\Maddäs\AppData\Local\WebpageIcons.db
2014-11-08 17:10 - 2014-11-08 17:10 - 1096324 _____ () C:\ProgramData\1415456962.bdinstall.bin
2012-02-25 23:39 - 2012-02-25 23:42 - 0015230 _____ () C:\ProgramData\ArcadeDeluxe5.log
2012-09-22 08:11 - 2012-09-22 08:12 - 0000033 _____ () C:\ProgramData\PS.log

Some content of TEMP:
====================
C:\Users\Maddäs\AppData\Local\Temp\Quarantine.exe
C:\Users\Maddäs\AppData\Local\Temp\ReiSysUpdate.exe
C:\Users\Maddäs\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-25 06:51

==================== End Of Log ============================
03.04.2015, 14:42 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Websites are redirected to advertising Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
__________________ Please always post log files in CODE tags |