Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Win7: Explorer braucht 1,7GB von 4GB RAM, PC wird extrem langsam

Win7: Explorer braucht 1,7GB von 4GB RAM, PC wird extrem langsam


Log-Analyse und Auswertung: Win7: Explorer braucht 1,7GB von 4GB RAM, PC wird extrem langsam

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 27.12.2013, 22:56   #1
walerlego
 
Win7: Explorer braucht 1,7GB von 4GB RAM, PC wird extrem langsam - Standard

Win7: Explorer braucht 1,7GB von 4GB RAM, PC wird extrem langsam


Hallo,
mein Rechner ist seit einigen Tagen extrem langsam. Nah kurzer Recherche habe ich festgestellt, dass der Explorer extrem viel Arbeitsspeicher verwendet. Virus oder Windows-Problem?

Mögliche Erklärung wäre höchstens die Nutzung einer WD MyCloud Festplatte im lokalen Netzwerk, aber das auch nur, weil die Probleme ungefähr zu dem Zeitpunkt einsetzten, als ich das Ding gekauft habe.

Das Gmer-Log ist zu groß für den Anhang, daher ist der bei Sendspace gehostet.

hxxp://www.sendspace.com/file/s510e9

Alt 28.12.2013, 01:44   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Win7: Explorer braucht 1,7GB von 4GB RAM, PC wird extrem langsam - Standard

Win7: Explorer braucht 1,7GB von 4GB RAM, PC wird extrem langsam


Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.


So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________
Alt 28.12.2013, 11:46   #3
walerlego
 
Win7: Explorer braucht 1,7GB von 4GB RAM, PC wird extrem langsam - Standard

Win7: Explorer braucht 1,7GB von 4GB RAM, PC wird extrem langsam


Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-27 22:10:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500418AS rev.CC45 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\FRAUNA~1\AppData\Local\Temp\pwlyqpow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                   0000000076ef1360 5 bytes JMP 0000000100040470
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                            0000000076ef13b0 5 bytes JMP 0000000100040460
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                            0000000076ef1510 5 bytes JMP 0000000100040370
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                 0000000076ef1560 5 bytes JMP 0000000100040480
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                       0000000076ef1570 5 bytes JMP 00000001000403e0
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                            0000000076ef1620 5 bytes JMP 0000000100040320
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                     0000000076ef1650 5 bytes JMP 00000001000403b0
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                        0000000076ef1670 5 bytes JMP 0000000100040390
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                              0000000076ef16b0 5 bytes JMP 00000001000402e0
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                         0000000076ef1700 5 bytes JMP 0000000100040440
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                            0000000076ef1730 5 bytes JMP 00000001000402d0
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                          0000000076ef1750 5 bytes JMP 0000000100040310
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                           0000000076ef1790 5 bytes JMP 00000001000403c0
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                        0000000076ef17e0 5 bytes JMP 00000001000403f0
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                           0000000076ef1940 5 bytes JMP 0000000100040230
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                0000000076ef1b00 1 byte JMP 0000000100040490
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                            0000000076ef1b02 3 bytes JMP 0000000076efa41b
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                               0000000076ef1b30 5 bytes JMP 00000001000403a0
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                        0000000076ef1c10 5 bytes JMP 00000001000402f0
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                     0000000076ef1c20 5 bytes JMP 0000000100040350
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                           0000000076ef1c80 5 bytes JMP 0000000100040290
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                        0000000076ef1d10 5 bytes JMP 00000001000402b0
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                         0000000076ef1d30 5 bytes JMP 00000001000403d0
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                            0000000076ef1d40 5 bytes JMP 0000000100040330
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                     0000000076ef1db0 5 bytes JMP 0000000100040410
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                        0000000076ef1de0 5 bytes JMP 0000000100040240
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                             0000000076ef20a0 5 bytes JMP 00000001000401e0
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                        0000000076ef2160 5 bytes JMP 0000000100040250
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                        0000000076ef2190 5 bytes JMP 00000001000404a0
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                               0000000076ef21a0 5 bytes JMP 00000001000404b0
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                          0000000076ef21d0 5 bytes JMP 0000000100040300
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                       0000000076ef21e0 5 bytes JMP 0000000100040360
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                             0000000076ef2240 5 bytes JMP 00000001000402a0
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                          0000000076ef2290 5 bytes JMP 00000001000402c0
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                             0000000076ef22c0 5 bytes JMP 0000000100040380
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                              0000000076ef22d0 5 bytes JMP 0000000100040340
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                       0000000076ef25c0 1 byte JMP 0000000100040450
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2                                                                   0000000076ef25c2 3 bytes {JMP 0xffffffff8914de90}
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                      0000000076ef27c0 5 bytes JMP 0000000100040260
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                         0000000076ef27d0 5 bytes JMP 0000000100040270
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                       0000000076ef27e0 5 bytes JMP 0000000100040400
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                   0000000076ef29a0 5 bytes JMP 00000001000401f0
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                    0000000076ef29b0 5 bytes JMP 0000000100040210
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                         0000000076ef2a20 5 bytes JMP 0000000100040200
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                         0000000076ef2a80 5 bytes JMP 0000000100040420
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                          0000000076ef2a90 5 bytes JMP 0000000100040430
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                     0000000076ef2aa0 5 bytes JMP 0000000100040220
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                             0000000076ef2b80 5 bytes JMP 0000000100040280
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                   0000000076ef1360 5 bytes JMP 000000014a530470
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                            0000000076ef13b0 5 bytes JMP 000000014a530460
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                            0000000076ef1510 5 bytes JMP 000000014a530370
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                 0000000076ef1560 5 bytes JMP 000000014a530480
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                       0000000076ef1570 5 bytes JMP 000000014a5303e0
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                            0000000076ef1620 5 bytes JMP 000000014a530320
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                     0000000076ef1650 5 bytes JMP 000000014a5303b0
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                        0000000076ef1670 5 bytes JMP 000000014a530390
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                              0000000076ef16b0 5 bytes JMP 000000014a5302e0
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                         0000000076ef1700 5 bytes JMP 000000014a530440
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                            0000000076ef1730 5 bytes JMP 000000014a5302d0
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                          0000000076ef1750 5 bytes JMP 000000014a530310
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                           0000000076ef1790 5 bytes JMP 000000014a5303c0
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                        0000000076ef17e0 5 bytes JMP 000000014a5303f0
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                           0000000076ef1940 5 bytes JMP 000000014a530230
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                0000000076ef1b00 1 byte JMP 000000014a530490
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                            0000000076ef1b02 3 bytes JMP 0000000076efee6a
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                               0000000076ef1b30 5 bytes JMP 000000014a5303a0
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                        0000000076ef1c10 5 bytes JMP 000000014a5302f0
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                     0000000076ef1c20 5 bytes JMP 000000014a530350
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                           0000000076ef1c80 5 bytes JMP 000000014a530290
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                        0000000076ef1d10 5 bytes JMP 000000014a5302b0
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                         0000000076ef1d30 5 bytes JMP 000000014a5303d0
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                            0000000076ef1d40 5 bytes JMP 000000014a530330
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                     0000000076ef1db0 5 bytes JMP 000000014a530410
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                        0000000076ef1de0 5 bytes JMP 000000014a530240
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                             0000000076ef20a0 5 bytes JMP 000000014a5301e0
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                        0000000076ef2160 5 bytes JMP 000000014a530250
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                        0000000076ef2190 5 bytes JMP 000000014a5304a0
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                               0000000076ef21a0 5 bytes JMP 000000014a5304b0
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                          0000000076ef21d0 5 bytes JMP 000000014a530300
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                       0000000076ef21e0 5 bytes JMP 000000014a530360
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                             0000000076ef2240 5 bytes JMP 000000014a5302a0
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                          0000000076ef2290 5 bytes JMP 000000014a5302c0
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                             0000000076ef22c0 5 bytes JMP 000000014a530380
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                              0000000076ef22d0 5 bytes JMP 000000014a530340
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                       0000000076ef25c0 1 byte JMP 000000014a530450
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2                                                                   0000000076ef25c2 3 bytes {JMP 0xffffffffd363de90}
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                      0000000076ef27c0 5 bytes JMP 000000014a530260
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                         0000000076ef27d0 5 bytes JMP 000000014a530270
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                       0000000076ef27e0 5 bytes JMP 000000014a530400
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                   0000000076ef29a0 5 bytes JMP 000000014a5301f0
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                    0000000076ef29b0 5 bytes JMP 000000014a530210
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                         0000000076ef2a20 5 bytes JMP 000000014a530200
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                         0000000076ef2a80 5 bytes JMP 000000014a530420
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                          0000000076ef2a90 5 bytes JMP 000000014a530430
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                     0000000076ef2aa0 5 bytes JMP 000000014a530220
.text  C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                             0000000076ef2b80 5 bytes JMP 000000014a530280
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                0000000076ef1360 5 bytes JMP 0000000077050470
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                         0000000076ef13b0 5 bytes JMP 0000000077050460
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                         0000000076ef1510 5 bytes JMP 0000000077050370
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                              0000000076ef1560 5 bytes JMP 0000000077050480
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000076ef1570 5 bytes JMP 00000000770503e0
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                         0000000076ef1620 5 bytes JMP 0000000077050320
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                  0000000076ef1650 5 bytes JMP 00000000770503b0
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                     0000000076ef1670 5 bytes JMP 0000000077050390
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                           0000000076ef16b0 5 bytes JMP 00000000770502e0
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                      0000000076ef1700 5 bytes JMP 0000000077050440
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                         0000000076ef1730 5 bytes JMP 00000000770502d0
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                       0000000076ef1750 5 bytes JMP 0000000077050310
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                        0000000076ef1790 5 bytes JMP 00000000770503c0
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                     0000000076ef17e0 5 bytes JMP 00000000770503f0
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                        0000000076ef1940 5 bytes JMP 0000000077050230
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                             0000000076ef1b00 1 byte JMP 0000000077050490
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                         0000000076ef1b02 3 bytes JMP 0000000076ef1b1c
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                            0000000076ef1b30 5 bytes JMP 00000000770503a0
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                     0000000076ef1c10 5 bytes JMP 00000000770502f0
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                  0000000076ef1c20 5 bytes JMP 0000000077050350
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                        0000000076ef1c80 5 bytes JMP 0000000077050290
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                     0000000076ef1d10 5 bytes JMP 00000000770502b0
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                      0000000076ef1d30 5 bytes JMP 00000000770503d0
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                         0000000076ef1d40 5 bytes JMP 0000000077050330
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                  0000000076ef1db0 5 bytes JMP 0000000077050410
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                     0000000076ef1de0 5 bytes JMP 0000000077050240
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                          0000000076ef20a0 5 bytes JMP 00000000770501e0
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                     0000000076ef2160 5 bytes JMP 0000000077050250
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                     0000000076ef2190 5 bytes JMP 00000000770504a0
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                            0000000076ef21a0 5 bytes JMP 00000000770504b0
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                       0000000076ef21d0 5 bytes JMP 0000000077050300
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                    0000000076ef21e0 5 bytes JMP 0000000077050360
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                          0000000076ef2240 5 bytes JMP 00000000770502a0
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                       0000000076ef2290 5 bytes JMP 00000000770502c0
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                          0000000076ef22c0 5 bytes JMP 0000000077050380
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                           0000000076ef22d0 5 bytes JMP 0000000077050340
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                    0000000076ef25c0 1 byte JMP 0000000077050450
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2                                                                0000000076ef25c2 3 bytes {JMP 0x15de90}
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                   0000000076ef27c0 5 bytes JMP 0000000077050260
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                      0000000076ef27d0 5 bytes JMP 0000000077050270
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000076ef27e0 5 bytes JMP 0000000077050400
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                0000000076ef29a0 5 bytes JMP 00000000770501f0
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                 0000000076ef29b0 5 bytes JMP 0000000077050210
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                      0000000076ef2a20 5 bytes JMP 0000000077050200
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                      0000000076ef2a80 5 bytes JMP 0000000077050420
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                       0000000076ef2a90 5 bytes JMP 0000000077050430
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                  0000000076ef2aa0 5 bytes JMP 0000000077050220
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                          0000000076ef2b80 5 bytes JMP 0000000077050280
.text  C:\Windows\system32\winlogon.exe[544] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000076cdeecd 1 byte [62]
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                0000000076ef1360 5 bytes JMP 0000000077050470
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                         0000000076ef13b0 5 bytes JMP 0000000077050460
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                         0000000076ef1510 5 bytes JMP 0000000077050370
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                              0000000076ef1560 5 bytes JMP 0000000077050480
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000076ef1570 5 bytes JMP 00000000770503e0
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                         0000000076ef1620 5 bytes JMP 0000000077050320
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                  0000000076ef1650 5 bytes JMP 00000000770503b0
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                     0000000076ef1670 5 bytes JMP 0000000077050390
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                           0000000076ef16b0 5 bytes JMP 00000000770502e0
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                      0000000076ef1700 5 bytes JMP 0000000077050440
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                         0000000076ef1730 5 bytes JMP 00000000770502d0
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                       0000000076ef1750 5 bytes JMP 0000000077050310
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                        0000000076ef1790 5 bytes JMP 00000000770503c0
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                     0000000076ef17e0 5 bytes JMP 00000000770503f0
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                        0000000076ef1940 5 bytes JMP 0000000077050230
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                             0000000076ef1b00 1 byte JMP 0000000077050490
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                         0000000076ef1b02 3 bytes JMP 0000000076ef1b1c
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                            0000000076ef1b30 5 bytes JMP 00000000770503a0
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                     0000000076ef1c10 5 bytes JMP 00000000770502f0
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                  0000000076ef1c20 5 bytes JMP 0000000077050350
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                        0000000076ef1c80 5 bytes JMP 0000000077050290
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                     0000000076ef1d10 5 bytes JMP 00000000770502b0
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                      0000000076ef1d30 5 bytes JMP 00000000770503d0
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                         0000000076ef1d40 5 bytes JMP 0000000077050330
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                  0000000076ef1db0 5 bytes JMP 0000000077050410
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                     0000000076ef1de0 5 bytes JMP 0000000077050240
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                          0000000076ef20a0 5 bytes JMP 00000000770501e0
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                     0000000076ef2160 5 bytes JMP 0000000077050250
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                     0000000076ef2190 5 bytes JMP 00000000770504a0
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                            0000000076ef21a0 5 bytes JMP 00000000770504b0
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                       0000000076ef21d0 5 bytes JMP 0000000077050300
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                    0000000076ef21e0 5 bytes JMP 0000000077050360
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                          0000000076ef2240 5 bytes JMP 00000000770502a0
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                       0000000076ef2290 5 bytes JMP 00000000770502c0
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                          0000000076ef22c0 5 bytes JMP 0000000077050380
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                           0000000076ef22d0 5 bytes JMP 0000000077050340
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                    0000000076ef25c0 1 byte JMP 0000000077050450
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2                                                                0000000076ef25c2 3 bytes {JMP 0x15de90}
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                   0000000076ef27c0 5 bytes JMP 0000000077050260
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                      0000000076ef27d0 5 bytes JMP 0000000077050270
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000076ef27e0 5 bytes JMP 0000000077050400
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                0000000076ef29a0 5 bytes JMP 00000000770501f0
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                 0000000076ef29b0 5 bytes JMP 0000000077050210
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                      0000000076ef2a20 5 bytes JMP 0000000077050200
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                      0000000076ef2a80 5 bytes JMP 0000000077050420
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                       0000000076ef2a90 5 bytes JMP 0000000077050430
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                  0000000076ef2aa0 5 bytes JMP 0000000077050220
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                          0000000076ef2b80 5 bytes JMP 0000000077050280
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000076cdeecd 1 byte [62]
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                   0000000076ef1360 5 bytes JMP 0000000077050470
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                            0000000076ef13b0 5 bytes JMP 0000000077050460
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                            0000000076ef1510 5 bytes JMP 0000000077050370
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                 0000000076ef1560 5 bytes JMP 0000000077050480
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                       0000000076ef1570 5 bytes JMP 00000000770503e0
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                            0000000076ef1620 5 bytes JMP 0000000077050320
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                     0000000076ef1650 5 bytes JMP 00000000770503b0
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                        0000000076ef1670 5 bytes JMP 0000000077050390
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                              0000000076ef16b0 5 bytes JMP 00000000770502e0
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                         0000000076ef1700 5 bytes JMP 0000000077050440
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                            0000000076ef1730 5 bytes JMP 00000000770502d0
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                          0000000076ef1750 5 bytes JMP 0000000077050310
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                           0000000076ef1790 5 bytes JMP 00000000770503c0
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                        0000000076ef17e0 5 bytes JMP 00000000770503f0
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                           0000000076ef1940 5 bytes JMP 0000000077050230
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                0000000076ef1b00 1 byte JMP 0000000077050490
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                            0000000076ef1b02 3 bytes JMP 0000000076ef1b1c
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                               0000000076ef1b30 5 bytes JMP 00000000770503a0
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                        0000000076ef1c10 5 bytes JMP 00000000770502f0
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                     0000000076ef1c20 5 bytes JMP 0000000077050350
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                           0000000076ef1c80 5 bytes JMP 0000000077050290
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                        0000000076ef1d10 5 bytes JMP 00000000770502b0
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                         0000000076ef1d30 5 bytes JMP 00000000770503d0
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                            0000000076ef1d40 5 bytes JMP 0000000077050330
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                     0000000076ef1db0 5 bytes JMP 0000000077050410
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                        0000000076ef1de0 5 bytes JMP 0000000077050240
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                             0000000076ef20a0 5 bytes JMP 00000000770501e0
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                        0000000076ef2160 5 bytes JMP 0000000077050250
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                        0000000076ef2190 5 bytes JMP 00000000770504a0
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                               0000000076ef21a0 5 bytes JMP 00000000770504b0
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                          0000000076ef21d0 5 bytes JMP 0000000077050300
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                       0000000076ef21e0 5 bytes JMP 0000000077050360
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                             0000000076ef2240 5 bytes JMP 00000000770502a0
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                          0000000076ef2290 5 bytes JMP 00000000770502c0
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                             0000000076ef22c0 5 bytes JMP 0000000077050380
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                              0000000076ef22d0 5 bytes JMP 0000000077050340
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                       0000000076ef25c0 1 byte JMP 0000000077050450
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2                                                                   0000000076ef25c2 3 bytes {JMP 0x15de90}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                      0000000076ef27c0 5 bytes JMP 0000000077050260
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                         0000000076ef27d0 5 bytes JMP 0000000077050270
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                       0000000076ef27e0 5 bytes JMP 0000000077050400
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                   0000000076ef29a0 5 bytes JMP 00000000770501f0
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                    0000000076ef29b0 5 bytes JMP 0000000077050210
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                         0000000076ef2a20 5 bytes JMP 0000000077050200
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                         0000000076ef2a80 5 bytes JMP 0000000077050420
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                          0000000076ef2a90 5 bytes JMP 0000000077050430
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                     0000000076ef2aa0 5 bytes JMP 0000000077050220
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                             0000000076ef2b80 5 bytes JMP 0000000077050280
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                 0000000076ef1360 5 bytes JMP 0000000077050470
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                          0000000076ef13b0 5 bytes JMP 0000000077050460
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                          0000000076ef1510 5 bytes JMP 0000000077050370
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                               0000000076ef1560 5 bytes JMP 0000000077050480
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                     0000000076ef1570 5 bytes JMP 00000000770503e0
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                          0000000076ef1620 5 bytes JMP 0000000077050320
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                   0000000076ef1650 5 bytes JMP 00000000770503b0
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                      0000000076ef1670 5 bytes JMP 0000000077050390
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                            0000000076ef16b0 5 bytes JMP 00000000770502e0
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                       0000000076ef1700 5 bytes JMP 0000000077050440
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                          0000000076ef1730 5 bytes JMP 00000000770502d0
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                        0000000076ef1750 5 bytes JMP 0000000077050310
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                         0000000076ef1790 5 bytes JMP 00000000770503c0
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                      0000000076ef17e0 5 bytes JMP 00000000770503f0
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                         0000000076ef1940 5 bytes JMP 0000000077050230
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                              0000000076ef1b00 1 byte JMP 0000000077050490
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                          0000000076ef1b02 3 bytes JMP 0000000076ef1b1c
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                             0000000076ef1b30 5 bytes JMP 00000000770503a0
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                      0000000076ef1c10 5 bytes JMP 00000000770502f0
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                   0000000076ef1c20 5 bytes JMP 0000000077050350
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                         0000000076ef1c80 5 bytes JMP 0000000077050290
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                      0000000076ef1d10 5 bytes JMP 00000000770502b0
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                       0000000076ef1d30 5 bytes JMP 00000000770503d0
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                          0000000076ef1d40 5 bytes JMP 0000000077050330
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                   0000000076ef1db0 5 bytes JMP 0000000077050410
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                      0000000076ef1de0 5 bytes JMP 0000000077050240
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                           0000000076ef20a0 5 bytes JMP 00000000770501e0
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                      0000000076ef2160 5 bytes JMP 0000000077050250
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                      0000000076ef2190 5 bytes JMP 00000000770504a0
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                             0000000076ef21a0 5 bytes JMP 00000000770504b0
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                        0000000076ef21d0 5 bytes JMP 0000000077050300
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                     0000000076ef21e0 5 bytes JMP 0000000077050360
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                           0000000076ef2240 5 bytes JMP 00000000770502a0
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                        0000000076ef2290 5 bytes JMP 00000000770502c0
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                           0000000076ef22c0 5 bytes JMP 0000000077050380
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                            0000000076ef22d0 5 bytes JMP 0000000077050340
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                     0000000076ef25c0 1 byte JMP 0000000077050450
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2                                                                 0000000076ef25c2 3 bytes {JMP 0x15de90}
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                    0000000076ef27c0 5 bytes JMP 0000000077050260
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                       0000000076ef27d0 5 bytes JMP 0000000077050270
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                     0000000076ef27e0 5 bytes JMP 0000000077050400
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                 0000000076ef29a0 5 bytes JMP 00000000770501f0
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                  0000000076ef29b0 5 bytes JMP 0000000077050210
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                       0000000076ef2a20 5 bytes JMP 0000000077050200
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                       0000000076ef2a80 5 bytes JMP 0000000077050420
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                        0000000076ef2a90 5 bytes JMP 0000000077050430
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                   0000000076ef2aa0 5 bytes JMP 0000000077050220
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                           0000000076ef2b80 5 bytes JMP 0000000077050280
.text  C:\Windows\system32\svchost.exe[712] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                0000000076cdeecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                 0000000076ef1360 5 bytes JMP 0000000077050470
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                          0000000076ef13b0 5 bytes JMP 0000000077050460
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                          0000000076ef1510 5 bytes JMP 0000000077050370
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                               0000000076ef1560 5 bytes JMP 0000000077050480
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                     0000000076ef1570 5 bytes JMP 00000000770503e0
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                          0000000076ef1620 5 bytes JMP 0000000077050320
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                   0000000076ef1650 5 bytes JMP 00000000770503b0
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                      0000000076ef1670 5 bytes JMP 0000000077050390
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                            0000000076ef16b0 5 bytes JMP 00000000770502e0
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                       0000000076ef1700 5 bytes JMP 0000000077050440
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                          0000000076ef1730 5 bytes JMP 00000000770502d0
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                        0000000076ef1750 5 bytes JMP 0000000077050310
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                         0000000076ef1790 5 bytes JMP 00000000770503c0
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                      0000000076ef17e0 5 bytes JMP 00000000770503f0
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                         0000000076ef1940 5 bytes JMP 0000000077050230
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                              0000000076ef1b00 1 byte JMP 0000000077050490
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                          0000000076ef1b02 3 bytes JMP 0000000076ef1b1c
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                             0000000076ef1b30 5 bytes JMP 00000000770503a0
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                      0000000076ef1c10 5 bytes JMP 00000000770502f0
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                   0000000076ef1c20 5 bytes JMP 0000000077050350
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                         0000000076ef1c80 5 bytes JMP 0000000077050290
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                      0000000076ef1d10 5 bytes JMP 00000000770502b0
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                       0000000076ef1d30 5 bytes JMP 00000000770503d0
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                          0000000076ef1d40 5 bytes JMP 0000000077050330
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                   0000000076ef1db0 5 bytes JMP 0000000077050410
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                      0000000076ef1de0 5 bytes JMP 0000000077050240
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                           0000000076ef20a0 5 bytes JMP 00000000770501e0
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                      0000000076ef2160 5 bytes JMP 0000000077050250
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                      0000000076ef2190 5 bytes JMP 00000000770504a0
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                             0000000076ef21a0 5 bytes JMP 00000000770504b0
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                        0000000076ef21d0 5 bytes JMP 0000000077050300
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                     0000000076ef21e0 5 bytes JMP 0000000077050360
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                           0000000076ef2240 5 bytes JMP 00000000770502a0
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                        0000000076ef2290 5 bytes JMP 00000000770502c0
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                           0000000076ef22c0 5 bytes JMP 0000000077050380
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                            0000000076ef22d0 5 bytes JMP 0000000077050340
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                     0000000076ef25c0 1 byte JMP 0000000077050450
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2                                                                 0000000076ef25c2 3 bytes {JMP 0x15de90}
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                    0000000076ef27c0 5 bytes JMP 0000000077050260
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                       0000000076ef27d0 5 bytes JMP 0000000077050270
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                     0000000076ef27e0 5 bytes JMP 0000000077050400
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                 0000000076ef29a0 5 bytes JMP 00000000770501f0
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                  0000000076ef29b0 5 bytes JMP 0000000077050210
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                       0000000076ef2a20 5 bytes JMP 0000000077050200
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                       0000000076ef2a80 5 bytes JMP 0000000077050420
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                        0000000076ef2a90 5 bytes JMP 0000000077050430
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                   0000000076ef2aa0 5 bytes JMP 0000000077050220
.text  C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                           0000000076ef2b80 5 bytes JMP 0000000077050280
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                 0000000076ef1360 5 bytes JMP 0000000077050470
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                          0000000076ef13b0 5 bytes JMP 0000000077050460
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                          0000000076ef1510 5 bytes JMP 0000000077050370
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                               0000000076ef1560 5 bytes JMP 0000000077050480
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                     0000000076ef1570 5 bytes JMP 00000000770503e0
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                          0000000076ef1620 5 bytes JMP 0000000077050320
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                   0000000076ef1650 5 bytes JMP 00000000770503b0
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                      0000000076ef1670 5 bytes JMP 0000000077050390
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                            0000000076ef16b0 5 bytes JMP 00000000770502e0
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                       0000000076ef1700 5 bytes JMP 0000000077050440
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                          0000000076ef1730 5 bytes JMP 00000000770502d0
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                        0000000076ef1750 5 bytes JMP 0000000077050310
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                         0000000076ef1790 5 bytes JMP 00000000770503c0
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                      0000000076ef17e0 5 bytes JMP 00000000770503f0
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                         0000000076ef1940 5 bytes JMP 0000000077050230
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                              0000000076ef1b00 1 byte JMP 0000000077050490
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                          0000000076ef1b02 3 bytes JMP 0000000076ef1b1c
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                             0000000076ef1b30 5 bytes JMP 00000000770503a0
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                      0000000076ef1c10 5 bytes JMP 00000000770502f0
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                   0000000076ef1c20 5 bytes JMP 0000000077050350
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                         0000000076ef1c80 5 bytes JMP 0000000077050290
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                      0000000076ef1d10 5 bytes JMP 00000000770502b0
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                       0000000076ef1d30 5 bytes JMP 00000000770503d0
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                          0000000076ef1d40 5 bytes JMP 0000000077050330
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                   0000000076ef1db0 5 bytes JMP 0000000077050410
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                      0000000076ef1de0 5 bytes JMP 0000000077050240
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                           0000000076ef20a0 5 bytes JMP 00000000770501e0
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                      0000000076ef2160 5 bytes JMP 0000000077050250
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                      0000000076ef2190 5 bytes JMP 00000000770504a0
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                             0000000076ef21a0 5 bytes JMP 00000000770504b0
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                        0000000076ef21d0 5 bytes JMP 0000000077050300
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                     0000000076ef21e0 5 bytes JMP 0000000077050360
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                           0000000076ef2240 5 bytes JMP 00000000770502a0
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                        0000000076ef2290 5 bytes JMP 00000000770502c0
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                           0000000076ef22c0 5 bytes JMP 0000000077050380
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                            0000000076ef22d0 5 bytes JMP 0000000077050340
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                     0000000076ef25c0 1 byte JMP 0000000077050450
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2                                                                 0000000076ef25c2 3 bytes {JMP 0x15de90}
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                    0000000076ef27c0 5 bytes JMP 0000000077050260
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                       0000000076ef27d0 5 bytes JMP 0000000077050270
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                     0000000076ef27e0 5 bytes JMP 0000000077050400
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                 0000000076ef29a0 5 bytes JMP 00000000770501f0
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                  0000000076ef29b0 5 bytes JMP 0000000077050210
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                       0000000076ef2a20 5 bytes JMP 0000000077050200
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                       0000000076ef2a80 5 bytes JMP 0000000077050420
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                        0000000076ef2a90 5 bytes JMP 0000000077050430
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                   0000000076ef2aa0 5 bytes JMP 0000000077050220
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                           0000000076ef2b80 5 bytes JMP 0000000077050280
.text  C:\Windows\System32\svchost.exe[900] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                0000000076cdeecd 1 byte [62]
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                 0000000076ef1360 5 bytes JMP 0000000077050470
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                          0000000076ef13b0 5 bytes JMP 0000000077050460
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                          0000000076ef1510 5 bytes JMP 0000000077050370
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                               0000000076ef1560 5 bytes JMP 0000000077050480
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                     0000000076ef1570 5 bytes JMP 00000000770503e0
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                          0000000076ef1620 5 bytes JMP 0000000077050320
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                   0000000076ef1650 5 bytes JMP 00000000770503b0
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                      0000000076ef1670 5 bytes JMP 0000000077050390
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                            0000000076ef16b0 5 bytes JMP 00000000770502e0
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                       0000000076ef1700 5 bytes JMP 0000000077050440
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                          0000000076ef1730 5 bytes JMP 00000000770502d0
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                        0000000076ef1750 5 bytes JMP 0000000077050310
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                         0000000076ef1790 5 bytes JMP 00000000770503c0
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                      0000000076ef17e0 5 bytes JMP 00000000770503f0
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                         0000000076ef1940 5 bytes JMP 0000000077050230
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                              0000000076ef1b00 1 byte JMP 0000000077050490
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                          0000000076ef1b02 3 bytes JMP 0000000076ef1b1c
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                             0000000076ef1b30 5 bytes JMP 00000000770503a0
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                      0000000076ef1c10 5 bytes JMP 00000000770502f0
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                   0000000076ef1c20 5 bytes JMP 0000000077050350
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                         0000000076ef1c80 5 bytes JMP 0000000077050290
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                      0000000076ef1d10 5 bytes JMP 00000000770502b0
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                       0000000076ef1d30 5 bytes JMP 00000000770503d0
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                          0000000076ef1d40 5 bytes JMP 0000000077050330
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                   0000000076ef1db0 5 bytes JMP 0000000077050410
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                      0000000076ef1de0 5 bytes JMP 0000000077050240
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                           0000000076ef20a0 5 bytes JMP 00000000770501e0
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                      0000000076ef2160 5 bytes JMP 0000000077050250
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                      0000000076ef2190 5 bytes JMP 00000000770504a0
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                             0000000076ef21a0 5 bytes JMP 00000000770504b0
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                        0000000076ef21d0 5 bytes JMP 0000000077050300
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                     0000000076ef21e0 5 bytes JMP 0000000077050360
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                           0000000076ef2240 5 bytes JMP 00000000770502a0
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                        0000000076ef2290 5 bytes JMP 00000000770502c0
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                           0000000076ef22c0 5 bytes JMP 0000000077050380
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                            0000000076ef22d0 5 bytes JMP 0000000077050340
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                     0000000076ef25c0 1 byte JMP 0000000077050450
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2                                                                 0000000076ef25c2 3 bytes {JMP 0x15de90}
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                    0000000076ef27c0 5 bytes JMP 0000000077050260
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                       0000000076ef27d0 5 bytes JMP 0000000077050270
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                     0000000076ef27e0 5 bytes JMP 0000000077050400
__________________
Alt 28.12.2013, 11:50   #4
walerlego
 
Win7: Explorer braucht 1,7GB von 4GB RAM, PC wird extrem langsam - Standard

Win7: Explorer braucht 1,7GB von 4GB RAM, PC wird extrem langsam


Code:
ATTFilter
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                 0000000076ef29a0 5 bytes JMP 00000000770501f0
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                  0000000076ef29b0 5 bytes JMP 0000000077050210
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                       0000000076ef2a20 5 bytes JMP 0000000077050200
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                       0000000076ef2a80 5 bytes JMP 0000000077050420
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                        0000000076ef2a90 5 bytes JMP 0000000077050430
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                   0000000076ef2aa0 5 bytes JMP 0000000077050220
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                           0000000076ef2b80 5 bytes JMP 0000000077050280
.text  C:\Windows\System32\svchost.exe[944] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                0000000076cdeecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                 0000000076ef1360 5 bytes JMP 0000000077050470
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                          0000000076ef13b0 5 bytes JMP 0000000077050460
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                          0000000076ef1510 5 bytes JMP 0000000077050370
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                               0000000076ef1560 5 bytes JMP 0000000077050480
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                     0000000076ef1570 5 bytes JMP 00000000770503e0
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                          0000000076ef1620 5 bytes JMP 0000000077050320
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                   0000000076ef1650 5 bytes JMP 00000000770503b0
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                      0000000076ef1670 5 bytes JMP 0000000077050390
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                            0000000076ef16b0 5 bytes JMP 00000000770502e0
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                       0000000076ef1700 5 bytes JMP 0000000077050440
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                          0000000076ef1730 5 bytes JMP 00000000770502d0
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                        0000000076ef1750 5 bytes JMP 0000000077050310
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                         0000000076ef1790 5 bytes JMP 00000000770503c0
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                      0000000076ef17e0 5 bytes JMP 00000000770503f0
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                         0000000076ef1940 5 bytes JMP 0000000077050230
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                              0000000076ef1b00 1 byte JMP 0000000077050490
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                          0000000076ef1b02 3 bytes JMP 0000000076ef1b1c
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                             0000000076ef1b30 5 bytes JMP 00000000770503a0
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                      0000000076ef1c10 5 bytes JMP 00000000770502f0
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                   0000000076ef1c20 5 bytes JMP 0000000077050350
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                         0000000076ef1c80 5 bytes JMP 0000000077050290
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                      0000000076ef1d10 5 bytes JMP 00000000770502b0
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                       0000000076ef1d30 5 bytes JMP 00000000770503d0
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                          0000000076ef1d40 5 bytes JMP 0000000077050330
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                   0000000076ef1db0 5 bytes JMP 0000000077050410
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                      0000000076ef1de0 5 bytes JMP 0000000077050240
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                           0000000076ef20a0 5 bytes JMP 00000000770501e0
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                      0000000076ef2160 5 bytes JMP 0000000077050250
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                      0000000076ef2190 5 bytes JMP 00000000770504a0
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                             0000000076ef21a0 5 bytes JMP 00000000770504b0
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                        0000000076ef21d0 5 bytes JMP 0000000077050300
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                     0000000076ef21e0 5 bytes JMP 0000000077050360
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                           0000000076ef2240 5 bytes JMP 00000000770502a0
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                        0000000076ef2290 5 bytes JMP 00000000770502c0
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                           0000000076ef22c0 5 bytes JMP 0000000077050380
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                            0000000076ef22d0 5 bytes JMP 0000000077050340
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                     0000000076ef25c0 1 byte JMP 0000000077050450
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2                                                                 0000000076ef25c2 3 bytes {JMP 0x15de90}
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                    0000000076ef27c0 5 bytes JMP 0000000077050260
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                       0000000076ef27d0 5 bytes JMP 0000000077050270
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                     0000000076ef27e0 5 bytes JMP 0000000077050400
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                 0000000076ef29a0 5 bytes JMP 00000000770501f0
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                  0000000076ef29b0 5 bytes JMP 0000000077050210
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                       0000000076ef2a20 5 bytes JMP 0000000077050200
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                       0000000076ef2a80 5 bytes JMP 0000000077050420
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                        0000000076ef2a90 5 bytes JMP 0000000077050430
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                   0000000076ef2aa0 5 bytes JMP 0000000077050220
.text  C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                           0000000076ef2b80 5 bytes JMP 0000000077050280
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                 0000000076ef1360 5 bytes JMP 0000000100070470
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                          0000000076ef13b0 5 bytes JMP 0000000100070460
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                          0000000076ef1510 5 bytes JMP 0000000100070370
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                               0000000076ef1560 5 bytes JMP 0000000100070480
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                     0000000076ef1570 5 bytes JMP 00000001000703e0
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                          0000000076ef1620 5 bytes JMP 0000000100070320
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                   0000000076ef1650 5 bytes JMP 00000001000703b0
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                      0000000076ef1670 5 bytes JMP 0000000100070390
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                            0000000076ef16b0 5 bytes JMP 00000001000702e0
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                       0000000076ef1700 5 bytes JMP 0000000100070440
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                          0000000076ef1730 5 bytes JMP 00000001000702d0
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                        0000000076ef1750 5 bytes JMP 0000000100070310
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                         0000000076ef1790 5 bytes JMP 00000001000703c0
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                      0000000076ef17e0 5 bytes JMP 00000001000703f0
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                         0000000076ef1940 5 bytes JMP 0000000100070230
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                              0000000076ef1b00 1 byte JMP 0000000100070490
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                          0000000076ef1b02 3 bytes JMP 0000000076efa41e
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                             0000000076ef1b30 5 bytes JMP 00000001000703a0
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                      0000000076ef1c10 5 bytes JMP 00000001000702f0
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                   0000000076ef1c20 5 bytes JMP 0000000100070350
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                         0000000076ef1c80 5 bytes JMP 0000000100070290
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                      0000000076ef1d10 5 bytes JMP 00000001000702b0
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                       0000000076ef1d30 5 bytes JMP 00000001000703d0
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                          0000000076ef1d40 5 bytes JMP 0000000100070330
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                   0000000076ef1db0 5 bytes JMP 0000000100070410
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                      0000000076ef1de0 5 bytes JMP 0000000100070240
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                           0000000076ef20a0 5 bytes JMP 00000001000701e0
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                      0000000076ef2160 5 bytes JMP 0000000100070250
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                      0000000076ef2190 5 bytes JMP 00000001000704a0
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                             0000000076ef21a0 5 bytes JMP 00000001000704b0
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                        0000000076ef21d0 5 bytes JMP 0000000100070300
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                     0000000076ef21e0 5 bytes JMP 0000000100070360
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                           0000000076ef2240 5 bytes JMP 00000001000702a0
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                        0000000076ef2290 5 bytes JMP 00000001000702c0
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                           0000000076ef22c0 5 bytes JMP 0000000100070380
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                            0000000076ef22d0 5 bytes JMP 0000000100070340
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                     0000000076ef25c0 1 byte JMP 0000000100070450
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2                                                                 0000000076ef25c2 3 bytes {JMP 0xffffffff8917de90}
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                    0000000076ef27c0 5 bytes JMP 0000000100070260
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                       0000000076ef27d0 5 bytes JMP 0000000100070270
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                     0000000076ef27e0 5 bytes JMP 0000000100070400
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                 0000000076ef29a0 5 bytes JMP 00000001000701f0
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                  0000000076ef29b0 5 bytes JMP 0000000100070210
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                       0000000076ef2a20 5 bytes JMP 0000000100070200
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                       0000000076ef2a80 5 bytes JMP 0000000100070420
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                        0000000076ef2a90 5 bytes JMP 0000000100070430
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                   0000000076ef2aa0 5 bytes JMP 0000000100070220
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                           0000000076ef2b80 5 bytes JMP 0000000100070280
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                0000000076cdeecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                0000000076ef1360 5 bytes JMP 0000000077050470
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                         0000000076ef13b0 5 bytes JMP 0000000077050460
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                         0000000076ef1510 5 bytes JMP 0000000077050370
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                              0000000076ef1560 5 bytes JMP 0000000077050480
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000076ef1570 5 bytes JMP 00000000770503e0
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                         0000000076ef1620 5 bytes JMP 0000000077050320
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                  0000000076ef1650 5 bytes JMP 00000000770503b0
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                     0000000076ef1670 5 bytes JMP 0000000077050390
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                           0000000076ef16b0 5 bytes JMP 00000000770502e0
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                      0000000076ef1700 5 bytes JMP 0000000077050440
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                         0000000076ef1730 5 bytes JMP 00000000770502d0
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                       0000000076ef1750 5 bytes JMP 0000000077050310
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                        0000000076ef1790 5 bytes JMP 00000000770503c0
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                     0000000076ef17e0 5 bytes JMP 00000000770503f0
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                        0000000076ef1940 5 bytes JMP 0000000077050230
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                             0000000076ef1b00 1 byte JMP 0000000077050490
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                         0000000076ef1b02 3 bytes JMP 0000000076ef1b1c
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                            0000000076ef1b30 5 bytes JMP 00000000770503a0
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                     0000000076ef1c10 5 bytes JMP 00000000770502f0
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                  0000000076ef1c20 5 bytes JMP 0000000077050350
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                        0000000076ef1c80 5 bytes JMP 0000000077050290
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                     0000000076ef1d10 5 bytes JMP 00000000770502b0
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                      0000000076ef1d30 5 bytes JMP 00000000770503d0
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                         0000000076ef1d40 5 bytes JMP 0000000077050330
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                  0000000076ef1db0 5 bytes JMP 0000000077050410
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                     0000000076ef1de0 5 bytes JMP 0000000077050240
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                          0000000076ef20a0 5 bytes JMP 00000000770501e0
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                     0000000076ef2160 5 bytes JMP 0000000077050250
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                     0000000076ef2190 5 bytes JMP 00000000770504a0
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                            0000000076ef21a0 5 bytes JMP 00000000770504b0
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                       0000000076ef21d0 5 bytes JMP 0000000077050300
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                    0000000076ef21e0 5 bytes JMP 0000000077050360
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                          0000000076ef2240 5 bytes JMP 00000000770502a0
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                       0000000076ef2290 5 bytes JMP 00000000770502c0
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                          0000000076ef22c0 5 bytes JMP 0000000077050380
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                           0000000076ef22d0 5 bytes JMP 0000000077050340
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                    0000000076ef25c0 1 byte JMP 0000000077050450
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2                                                                0000000076ef25c2 3 bytes {JMP 0x15de90}
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                   0000000076ef27c0 5 bytes JMP 0000000077050260
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                      0000000076ef27d0 5 bytes JMP 0000000077050270
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000076ef27e0 5 bytes JMP 0000000077050400
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                0000000076ef29a0 5 bytes JMP 00000000770501f0
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                 0000000076ef29b0 5 bytes JMP 0000000077050210
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                      0000000076ef2a20 5 bytes JMP 0000000077050200
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                      0000000076ef2a80 5 bytes JMP 0000000077050420
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                       0000000076ef2a90 5 bytes JMP 0000000077050430
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                  0000000076ef2aa0 5 bytes JMP 0000000077050220
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                          0000000076ef2b80 5 bytes JMP 0000000077050280
.text  C:\Windows\system32\svchost.exe[1156] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000076cdeecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                0000000076ef1360 5 bytes JMP 0000000077050470
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                         0000000076ef13b0 5 bytes JMP 0000000077050460
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                         0000000076ef1510 5 bytes JMP 0000000077050370
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                              0000000076ef1560 5 bytes JMP 0000000077050480
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000076ef1570 5 bytes JMP 00000000770503e0
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                         0000000076ef1620 5 bytes JMP 0000000077050320
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                  0000000076ef1650 5 bytes JMP 00000000770503b0
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                     0000000076ef1670 5 bytes JMP 0000000077050390
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                           0000000076ef16b0 5 bytes JMP 00000000770502e0
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                      0000000076ef1700 5 bytes JMP 0000000077050440
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                         0000000076ef1730 5 bytes JMP 00000000770502d0
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                       0000000076ef1750 5 bytes JMP 0000000077050310
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                        0000000076ef1790 5 bytes JMP 00000000770503c0
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                     0000000076ef17e0 5 bytes JMP 00000000770503f0
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                        0000000076ef1940 5 bytes JMP 0000000077050230
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                             0000000076ef1b00 1 byte JMP 0000000077050490
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                         0000000076ef1b02 3 bytes JMP 0000000076ef1b1c
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                            0000000076ef1b30 5 bytes JMP 00000000770503a0
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                     0000000076ef1c10 5 bytes JMP 00000000770502f0
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                  0000000076ef1c20 5 bytes JMP 0000000077050350
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                        0000000076ef1c80 5 bytes JMP 0000000077050290
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                     0000000076ef1d10 5 bytes JMP 00000000770502b0
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                      0000000076ef1d30 5 bytes JMP 00000000770503d0
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                         0000000076ef1d40 5 bytes JMP 0000000077050330
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                  0000000076ef1db0 5 bytes JMP 0000000077050410
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                     0000000076ef1de0 5 bytes JMP 0000000077050240
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                          0000000076ef20a0 5 bytes JMP 00000000770501e0
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                     0000000076ef2160 5 bytes JMP 0000000077050250
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                     0000000076ef2190 5 bytes JMP 00000000770504a0
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                            0000000076ef21a0 5 bytes JMP 00000000770504b0
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                       0000000076ef21d0 5 bytes JMP 0000000077050300
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                    0000000076ef21e0 5 bytes JMP 0000000077050360
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                          0000000076ef2240 5 bytes JMP 00000000770502a0
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                       0000000076ef2290 5 bytes JMP 00000000770502c0
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                          0000000076ef22c0 5 bytes JMP 0000000077050380
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                           0000000076ef22d0 5 bytes JMP 0000000077050340
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                    0000000076ef25c0 1 byte JMP 0000000077050450
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2                                                                0000000076ef25c2 3 bytes {JMP 0x15de90}
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                   0000000076ef27c0 5 bytes JMP 0000000077050260
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                      0000000076ef27d0 5 bytes JMP 0000000077050270
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000076ef27e0 5 bytes JMP 0000000077050400
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                0000000076ef29a0 5 bytes JMP 00000000770501f0
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                 0000000076ef29b0 5 bytes JMP 0000000077050210
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                      0000000076ef2a20 5 bytes JMP 0000000077050200
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                      0000000076ef2a80 5 bytes JMP 0000000077050420
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                       0000000076ef2a90 5 bytes JMP 0000000077050430
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                  0000000076ef2aa0 5 bytes JMP 0000000077050220
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                          0000000076ef2b80 5 bytes JMP 0000000077050280
.text  C:\Windows\system32\svchost.exe[1564] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000076cdeecd 1 byte [62]
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1740] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000075d9a2ba 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                0000000076ef1360 5 bytes JMP 0000000077050470
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                         0000000076ef13b0 5 bytes JMP 0000000077050460
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                         0000000076ef1510 5 bytes JMP 0000000077050370
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                              0000000076ef1560 5 bytes JMP 0000000077050480
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000076ef1570 5 bytes JMP 00000000770503e0
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                         0000000076ef1620 5 bytes JMP 0000000077050320
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                  0000000076ef1650 5 bytes JMP 00000000770503b0
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                     0000000076ef1670 5 bytes JMP 0000000077050390
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                           0000000076ef16b0 5 bytes JMP 00000000770502e0
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                      0000000076ef1700 5 bytes JMP 0000000077050440
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                         0000000076ef1730 5 bytes JMP 00000000770502d0
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                       0000000076ef1750 5 bytes JMP 0000000077050310
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                        0000000076ef1790 5 bytes JMP 00000000770503c0
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                     0000000076ef17e0 5 bytes JMP 00000000770503f0
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                        0000000076ef1940 5 bytes JMP 0000000077050230
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                             0000000076ef1b00 1 byte JMP 0000000077050490
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                         0000000076ef1b02 3 bytes JMP 0000000076ef1b1c
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                            0000000076ef1b30 5 bytes JMP 00000000770503a0
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                     0000000076ef1c10 5 bytes JMP 00000000770502f0
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                  0000000076ef1c20 5 bytes JMP 0000000077050350
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                        0000000076ef1c80 5 bytes JMP 0000000077050290
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                     0000000076ef1d10 5 bytes JMP 00000000770502b0
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                      0000000076ef1d30 5 bytes JMP 00000000770503d0
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                         0000000076ef1d40 5 bytes JMP 0000000077050330
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                  0000000076ef1db0 5 bytes JMP 0000000077050410
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                     0000000076ef1de0 5 bytes JMP 0000000077050240
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                          0000000076ef20a0 5 bytes JMP 00000000770501e0
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                     0000000076ef2160 5 bytes JMP 0000000077050250
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                     0000000076ef2190 5 bytes JMP 00000000770504a0
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                            0000000076ef21a0 5 bytes JMP 00000000770504b0
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                       0000000076ef21d0 5 bytes JMP 0000000077050300
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                    0000000076ef21e0 5 bytes JMP 0000000077050360
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                          0000000076ef2240 5 bytes JMP 00000000770502a0
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                       0000000076ef2290 5 bytes JMP 00000000770502c0
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                          0000000076ef22c0 5 bytes JMP 0000000077050380
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                           0000000076ef22d0 5 bytes JMP 0000000077050340
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                    0000000076ef25c0 1 byte JMP 0000000077050450
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2                                                                0000000076ef25c2 3 bytes {JMP 0x15de90}
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                   0000000076ef27c0 5 bytes JMP 0000000077050260
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                      0000000076ef27d0 5 bytes JMP 0000000077050270
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000076ef27e0 5 bytes JMP 0000000077050400
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                0000000076ef29a0 5 bytes JMP 00000000770501f0
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                 0000000076ef29b0 5 bytes JMP 0000000077050210
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                      0000000076ef2a20 5 bytes JMP 0000000077050200
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                      0000000076ef2a80 5 bytes JMP 0000000077050420
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                       0000000076ef2a90 5 bytes JMP 0000000077050430
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                  0000000076ef2aa0 5 bytes JMP 0000000077050220
.text  C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                          0000000076ef2b80 5 bytes JMP 0000000077050280
.text  C:\Windows\SysWOW64\svchost.exe[1936] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                               0000000075d9a2ba 1 byte [62]
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                  0000000076ec3b10 5 bytes JMP 000000010027075c
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                    0000000076ec7ac0 5 bytes JMP 00000001002703a4
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                        0000000076ef1360 5 bytes JMP 0000000077050470
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                 0000000076ef13b0 5 bytes JMP 0000000077050460
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                       0000000076ef1430 5 bytes JMP 0000000100270b14
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                           0000000076ef1490 5 bytes JMP 0000000100270ecc
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                 0000000076ef1510 5 bytes JMP 0000000077050370
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                      0000000076ef1560 5 bytes JMP 0000000077050480
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                            0000000076ef1570 5 bytes JMP 000000010027163c
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                 0000000076ef1620 5 bytes JMP 0000000077050320
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                          0000000076ef1650 5 bytes JMP 00000000770503b0
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                             0000000076ef1670 5 bytes JMP 0000000077050390
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                   0000000076ef16b0 5 bytes JMP 00000000770502e0
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                              0000000076ef1700 5 bytes JMP 0000000077050440
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                 0000000076ef1730 5 bytes JMP 00000000770502d0
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                               0000000076ef1750 5 bytes JMP 0000000077050310
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                0000000076ef1790 5 bytes JMP 00000000770503c0
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                        0000000076ef17b0 5 bytes JMP 0000000100271284
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                             0000000076ef17e0 5 bytes JMP 00000000770503f0
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                0000000076ef1940 5 bytes JMP 0000000077050230
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                     0000000076ef1b00 1 byte JMP 0000000077050490
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                                 0000000076ef1b02 3 bytes JMP 0000000076ef1b1c
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                    0000000076ef1b30 5 bytes JMP 00000000770503a0
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                             0000000076ef1c10 5 bytes JMP 00000000770502f0
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                          0000000076ef1c20 5 bytes JMP 0000000077050350
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                0000000076ef1c80 5 bytes JMP 0000000077050290
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                             0000000076ef1d10 5 bytes JMP 00000000770502b0
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                              0000000076ef1d30 5 bytes JMP 00000000770503d0
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                 0000000076ef1d40 5 bytes JMP 0000000077050330
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                          0000000076ef1db0 5 bytes JMP 0000000077050410
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                             0000000076ef1de0 5 bytes JMP 0000000077050240
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                  0000000076ef20a0 5 bytes JMP 00000000770501e0
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                             0000000076ef2160 5 bytes JMP 0000000077050250
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                             0000000076ef2190 5 bytes JMP 00000000770504a0
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                    0000000076ef21a0 5 bytes JMP 00000000770504b0
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                               0000000076ef21d0 5 bytes JMP 0000000077050300
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                            0000000076ef21e0 5 bytes JMP 0000000077050360
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                  0000000076ef2240 5 bytes JMP 00000000770502a0
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                               0000000076ef2290 5 bytes JMP 00000000770502c0
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                  0000000076ef22c0 5 bytes JMP 0000000077050380
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                   0000000076ef22d0 5 bytes JMP 0000000077050340
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                            0000000076ef25c0 1 byte JMP 0000000077050450
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2                                                                        0000000076ef25c2 3 bytes {JMP 0x15de90}
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                           0000000076ef27c0 5 bytes JMP 0000000077050260
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                              0000000076ef27d0 5 bytes JMP 0000000077050270
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                            0000000076ef27e0 5 bytes JMP 00000001002719f4
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                        0000000076ef29a0 5 bytes JMP 00000000770501f0
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                         0000000076ef29b0 5 bytes JMP 0000000077050210
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                              0000000076ef2a20 5 bytes JMP 0000000077050200
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                              0000000076ef2a80 5 bytes JMP 0000000077050420
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                               0000000076ef2a90 5 bytes JMP 0000000077050430
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                          0000000076ef2aa0 5 bytes JMP 0000000077050220
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                  0000000076ef2b80 5 bytes JMP 0000000077050280
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                       0000000076cdeecd 1 byte [62]
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                    000007fefefe6e00 5 bytes JMP 000007ff7f001dac
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                        000007fefefe6f2c 5 bytes JMP 000007ff7f000ecc
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                        000007fefefe7220 5 bytes JMP 000007ff7f001284
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                       000007fefefe739c 5 bytes JMP 000007ff7f00163c
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                       000007fefefe7538 5 bytes JMP 000007ff7f0019f4
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                              000007fefefe75e8 5 bytes JMP 000007ff7f0003a4
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                              000007fefefe790c 5 bytes JMP 000007ff7f00075c
.text  C:\Windows\Explorer.EXE[3824] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                               000007fefefe7ab4 5 bytes JMP 000007ff7f000b14
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[1060] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                             0000000075d9a2ba 1 byte [62]
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                    0000000076ec3b10 5 bytes JMP 00000001003b075c
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                      0000000076ec7ac0 5 bytes JMP 00000001003b03a4
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                          0000000076ef1360 5 bytes JMP 0000000100070470
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                   0000000076ef13b0 5 bytes JMP 0000000100070460
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                         0000000076ef1430 5 bytes JMP 00000001003b0b14
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                             0000000076ef1490 5 bytes JMP 00000001003b0ecc
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                   0000000076ef1510 5 bytes JMP 0000000100070370
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                        0000000076ef1560 5 bytes JMP 0000000100070480
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                              0000000076ef1570 5 bytes JMP 00000001003b163c
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                   0000000076ef1620 5 bytes JMP 0000000100070320
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                            0000000076ef1650 5 bytes JMP 00000001000703b0
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                               0000000076ef1670 5 bytes JMP 0000000100070390
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                     0000000076ef16b0 5 bytes JMP 00000001000702e0
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                0000000076ef1700 5 bytes JMP 0000000100070440
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                   0000000076ef1730 5 bytes JMP 00000001000702d0
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                 0000000076ef1750 5 bytes JMP 0000000100070310
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                  0000000076ef1790 5 bytes JMP 00000001000703c0
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                          0000000076ef17b0 5 bytes JMP 00000001003b1284
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                               0000000076ef17e0 5 bytes JMP 00000001000703f0
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                  0000000076ef1940 5 bytes JMP 0000000100070230
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                       0000000076ef1b00 1 byte JMP 0000000100070490
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                   0000000076ef1b02 3 bytes JMP 0000000076efa41e
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                      0000000076ef1b30 5 bytes JMP 00000001000703a0
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                               0000000076ef1c10 5 bytes JMP 00000001000702f0
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                            0000000076ef1c20 5 bytes JMP 0000000100070350
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                  0000000076ef1c80 5 bytes JMP 0000000100070290
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                               0000000076ef1d10 5 bytes JMP 00000001000702b0
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                0000000076ef1d30 5 bytes JMP 00000001000703d0
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                   0000000076ef1d40 5 bytes JMP 0000000100070330
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                            0000000076ef1db0 5 bytes JMP 0000000100070410
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                               0000000076ef1de0 5 bytes JMP 0000000100070240
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                    0000000076ef20a0 5 bytes JMP 00000001000701e0
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                               0000000076ef2160 5 bytes JMP 0000000100070250
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                               0000000076ef2190 5 bytes JMP 00000001000704a0
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                      0000000076ef21a0 5 bytes JMP 00000001000704b0
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                 0000000076ef21d0 5 bytes JMP 0000000100070300
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                              0000000076ef21e0 5 bytes JMP 0000000100070360
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                    0000000076ef2240 5 bytes JMP 00000001000702a0
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                 0000000076ef2290 5 bytes JMP 00000001000702c0
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                    0000000076ef22c0 5 bytes JMP 0000000100070380
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                     0000000076ef22d0 5 bytes JMP 0000000100070340
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                              0000000076ef25c0 1 byte JMP 0000000100070450
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2                                                          0000000076ef25c2 3 bytes {JMP 0xffffffff8917de90}
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                             0000000076ef27c0 5 bytes JMP 0000000100070260
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                0000000076ef27d0 5 bytes JMP 0000000100070270
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                              0000000076ef27e0 5 bytes JMP 00000001003b19f4
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                          0000000076ef29a0 5 bytes JMP 00000001000701f0
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                           0000000076ef29b0 5 bytes JMP 0000000100070210
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                0000000076ef2a20 5 bytes JMP 0000000100070200
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                0000000076ef2a80 5 bytes JMP 0000000100070420
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                 0000000076ef2a90 5 bytes JMP 0000000100070430
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                            0000000076ef2aa0 5 bytes JMP 0000000100070220
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                    0000000076ef2b80 5 bytes JMP 0000000100070280
.text  C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                         0000000076cdeecd 1 byte [62]
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                       0000000076ec3b10 5 bytes JMP 000000010027075c
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                         0000000076ec7ac0 5 bytes JMP 00000001002703a4
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                             0000000076ef1360 5 bytes JMP 0000000077050470
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                      0000000076ef13b0 5 bytes JMP 0000000077050460
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                            0000000076ef1430 5 bytes JMP 0000000100270b14
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                0000000076ef1490 5 bytes JMP 0000000100270ecc
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                      0000000076ef1510 5 bytes JMP 0000000077050370
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                           0000000076ef1560 5 bytes JMP 0000000077050480
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                 0000000076ef1570 5 bytes JMP 000000010027163c
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                      0000000076ef1620 5 bytes JMP 0000000077050320
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                               0000000076ef1650 5 bytes JMP 00000000770503b0
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                  0000000076ef1670 5 bytes JMP 0000000077050390
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                        0000000076ef16b0 5 bytes JMP 00000000770502e0
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                   0000000076ef1700 5 bytes JMP 0000000077050440
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                      0000000076ef1730 5 bytes JMP 00000000770502d0
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                    0000000076ef1750 5 bytes JMP 0000000077050310
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                     0000000076ef1790 5 bytes JMP 00000000770503c0
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                             0000000076ef17b0 5 bytes JMP 0000000100271284
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                  0000000076ef17e0 5 bytes JMP 00000000770503f0
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                     0000000076ef1940 5 bytes JMP 0000000077050230
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                          0000000076ef1b00 1 byte JMP 0000000077050490
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                      0000000076ef1b02 3 bytes JMP 0000000076ef1b1c
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                         0000000076ef1b30 5 bytes JMP 00000000770503a0
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                  0000000076ef1c10 5 bytes JMP 00000000770502f0
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                               0000000076ef1c20 5 bytes JMP 0000000077050350
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                     0000000076ef1c80 5 bytes JMP 0000000077050290
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                  0000000076ef1d10 5 bytes JMP 00000000770502b0
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                   0000000076ef1d30 5 bytes JMP 00000000770503d0
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                      0000000076ef1d40 5 bytes JMP 0000000077050330
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                               0000000076ef1db0 5 bytes JMP 0000000077050410
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                  0000000076ef1de0 5 bytes JMP 0000000077050240
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                       0000000076ef20a0 5 bytes JMP 00000000770501e0
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                  0000000076ef2160 5 bytes JMP 0000000077050250
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                  0000000076ef2190 5 bytes JMP 00000000770504a0
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                         0000000076ef21a0 5 bytes JMP 00000000770504b0
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                    0000000076ef21d0 5 bytes JMP 0000000077050300
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                 0000000076ef21e0 5 bytes JMP 0000000077050360
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                       0000000076ef2240 5 bytes JMP 00000000770502a0
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                    0000000076ef2290 5 bytes JMP 00000000770502c0
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                       0000000076ef22c0 5 bytes JMP 0000000077050380
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                        0000000076ef22d0 5 bytes JMP 0000000077050340
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                 0000000076ef25c0 1 byte JMP 0000000077050450
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2                                             0000000076ef25c2 3 bytes {JMP 0x15de90}
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                0000000076ef27c0 5 bytes JMP 0000000077050260
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                   0000000076ef27d0 5 bytes JMP 0000000077050270
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                 0000000076ef27e0 5 bytes JMP 00000001002719f4
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                             0000000076ef29a0 5 bytes JMP 00000000770501f0
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                              0000000076ef29b0 5 bytes JMP 0000000077050210
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                   0000000076ef2a20 5 bytes JMP 0000000077050200
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                   0000000076ef2a80 5 bytes JMP 0000000077050420
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                    0000000076ef2a90 5 bytes JMP 0000000077050430
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                               0000000076ef2aa0 5 bytes JMP 0000000077050220
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                       0000000076ef2b80 5 bytes JMP 0000000077050280
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2676] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                            0000000076cdeecd 1 byte [62]
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                0000000076ef1360 5 bytes JMP 0000000077050470
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                         0000000076ef13b0 5 bytes JMP 0000000077050460
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                         0000000076ef1510 5 bytes JMP 0000000077050370
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                              0000000076ef1560 5 bytes JMP 0000000077050480
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000076ef1570 5 bytes JMP 00000000770503e0
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                         0000000076ef1620 5 bytes JMP 0000000077050320
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                  0000000076ef1650 5 bytes JMP 00000000770503b0
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                     0000000076ef1670 5 bytes JMP 0000000077050390
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                           0000000076ef16b0 5 bytes JMP 00000000770502e0
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                      0000000076ef1700 5 bytes JMP 0000000077050440
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                         0000000076ef1730 5 bytes JMP 00000000770502d0
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                       0000000076ef1750 5 bytes JMP 0000000077050310
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                        0000000076ef1790 5 bytes JMP 00000000770503c0
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                     0000000076ef17e0 5 bytes JMP 00000000770503f0
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                        0000000076ef1940 5 bytes JMP 0000000077050230
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                             0000000076ef1b00 1 byte JMP 0000000077050490
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                         0000000076ef1b02 3 bytes JMP 0000000076ef1b1c
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                            0000000076ef1b30 5 bytes JMP 00000000770503a0
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                     0000000076ef1c10 5 bytes JMP 00000000770502f0
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                  0000000076ef1c20 5 bytes JMP 0000000077050350
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                        0000000076ef1c80 5 bytes JMP 0000000077050290
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                     0000000076ef1d10 5 bytes JMP 00000000770502b0
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                      0000000076ef1d30 5 bytes JMP 00000000770503d0
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                         0000000076ef1d40 5 bytes JMP 0000000077050330
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                  0000000076ef1db0 5 bytes JMP 0000000077050410
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                     0000000076ef1de0 5 bytes JMP 0000000077050240
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                          0000000076ef20a0 5 bytes JMP 00000000770501e0
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                     0000000076ef2160 5 bytes JMP 0000000077050250
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                     0000000076ef2190 5 bytes JMP 00000000770504a0
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                            0000000076ef21a0 5 bytes JMP 00000000770504b0
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                       0000000076ef21d0 5 bytes JMP 0000000077050300
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                    0000000076ef21e0 5 bytes JMP 0000000077050360
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                          0000000076ef2240 5 bytes JMP 00000000770502a0
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                       0000000076ef2290 5 bytes JMP 00000000770502c0
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                          0000000076ef22c0 5 bytes JMP 0000000077050380
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                           0000000076ef22d0 5 bytes JMP 0000000077050340
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                    0000000076ef25c0 1 byte JMP 0000000077050450
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2                                                                0000000076ef25c2 3 bytes {JMP 0x15de90}
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                   0000000076ef27c0 5 bytes JMP 0000000077050260
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                      0000000076ef27d0 5 bytes JMP 0000000077050270
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000076ef27e0 5 bytes JMP 0000000077050400
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                0000000076ef29a0 5 bytes JMP 00000000770501f0
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                 0000000076ef29b0 5 bytes JMP 0000000077050210
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                      0000000076ef2a20 5 bytes JMP 0000000077050200
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                      0000000076ef2a80 5 bytes JMP 0000000077050420
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                       0000000076ef2a90 5 bytes JMP 0000000077050430
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                  0000000076ef2aa0 5 bytes JMP 0000000077050220
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                          0000000076ef2b80 5 bytes JMP 0000000077050280
.text  C:\Windows\system32\AUDIODG.EXE[2500] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000076cdeecd 1 byte [62]
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                              0000000076ec3b10 5 bytes JMP 000000010027075c
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                0000000076ec7ac0 5 bytes JMP 00000001002703a4
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                    0000000076ef1360 5 bytes JMP 0000000100070470
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                             0000000076ef13b0 5 bytes JMP 0000000100070460
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                   0000000076ef1430 5 bytes JMP 0000000100270b14
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                       0000000076ef1490 5 bytes JMP 0000000100270ecc
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                             0000000076ef1510 5 bytes JMP 0000000100070370
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                  0000000076ef1560 5 bytes JMP 0000000100070480
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                        0000000076ef1570 5 bytes JMP 000000010027163c
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                             0000000076ef1620 5 bytes JMP 0000000100070320
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                      0000000076ef1650 5 bytes JMP 00000001000703b0
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                         0000000076ef1670 5 bytes JMP 0000000100070390
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                               0000000076ef16b0 5 bytes JMP 00000001000702e0
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                          0000000076ef1700 5 bytes JMP 0000000100070440
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                             0000000076ef1730 5 bytes JMP 00000001000702d0
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                           0000000076ef1750 5 bytes JMP 0000000100070310
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                            0000000076ef1790 5 bytes JMP 00000001000703c0
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                    0000000076ef17b0 5 bytes JMP 0000000100271284
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                         0000000076ef17e0 5 bytes JMP 00000001000703f0
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                            0000000076ef1940 5 bytes JMP 0000000100070230
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                 0000000076ef1b00 1 byte JMP 0000000100070490
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2                                                             0000000076ef1b02 3 bytes JMP 0000000076efa41e
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                0000000076ef1b30 5 bytes JMP 00000001000703a0
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                         0000000076ef1c10 5 bytes JMP 00000001000702f0
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                      0000000076ef1c20 5 bytes JMP 0000000100070350
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                            0000000076ef1c80 5 bytes JMP 0000000100070290
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                         0000000076ef1d10 5 bytes JMP 00000001000702b0
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                          0000000076ef1d30 5 bytes JMP 00000001000703d0
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                             0000000076ef1d40 5 bytes JMP 0000000100070330
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                      0000000076ef1db0 5 bytes JMP 0000000100070410
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                         0000000076ef1de0 5 bytes JMP 0000000100070240
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                              0000000076ef20a0 5 bytes JMP 00000001000701e0
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                         0000000076ef2160 5 bytes JMP 0000000100070250
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                         0000000076ef2190 5 bytes JMP 00000001000704a0
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                0000000076ef21a0 5 bytes JMP 00000001000704b0
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                           0000000076ef21d0 5 bytes JMP 0000000100070300
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                        0000000076ef21e0 5 bytes JMP 0000000100070360
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                              0000000076ef2240 5 bytes JMP 00000001000702a0
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                           0000000076ef2290 5 bytes JMP 00000001000702c0
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                              0000000076ef22c0 5 bytes JMP 0000000100070380
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                               0000000076ef22d0 5 bytes JMP 0000000100070340
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                        0000000076ef25c0 1 byte JMP 0000000100070450
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2                                                                    0000000076ef25c2 3 bytes {JMP 0xffffffff8917de90}
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                       0000000076ef27c0 5 bytes JMP 0000000100070260
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                          0000000076ef27d0 5 bytes JMP 0000000100070270
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                        0000000076ef27e0 5 bytes JMP 00000001002719f4
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                    0000000076ef29a0 5 bytes JMP 00000001000701f0
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                     0000000076ef29b0 5 bytes JMP 0000000100070210
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                          0000000076ef2a20 5 bytes JMP 0000000100070200
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                          0000000076ef2a80 5 bytes JMP 0000000100070420
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                           0000000076ef2a90 5 bytes JMP 0000000100070430
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                      0000000076ef2aa0 5 bytes JMP 0000000100070220
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                              0000000076ef2b80 5 bytes JMP 0000000100070280
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                000007fefefe6e00 5 bytes JMP 000007ff7f001dac
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                    000007fefefe6f2c 5 bytes JMP 000007ff7f000ecc
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                    000007fefefe7220 5 bytes JMP 000007ff7f001284
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                   000007fefefe739c 5 bytes JMP 000007ff7f00163c
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                   000007fefefe7538 5 bytes JMP 000007ff7f0019f4
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                          000007fefefe75e8 5 bytes JMP 000007ff7f0003a4
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                          000007fefefe790c 5 bytes JMP 000007ff7f00075c
.text  C:\Windows\system32\Dwm.exe[1004] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                           000007fefefe7ab4 5 bytes JMP 000007ff7f000b14
.text  C:\Users\Frau Napalm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                        000000007709fac0 5 bytes JMP 0000000100030600
.text  C:\Users\Frau Napalm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                            000000007709fb58 5 bytes JMP 0000000100030804
.text  C:\Users\Frau Napalm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                             000000007709fcb0 5 bytes JMP 0000000100030c0c
.text  C:\Users\Frau Napalm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                         00000000770a0038 5 bytes JMP 0000000100030a08
.text  C:\Users\Frau Napalm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                             00000000770a1920 5 bytes JMP 0000000100030e10
.text  C:\Users\Frau Napalm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4276] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                     00000000770bc4dd 5 bytes JMP 00000001000301f8
.text  C:\Users\Frau Napalm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4276] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                   00000000770c1287 5 bytes JMP 00000001000303fc
.text  C:\Users\Frau Napalm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4276] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                        0000000075d9a2ba 1 byte [62]
.text  C:\Users\Frau Napalm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4276] C:\Windows\syswow64\USER32.dll!SetWinEventHook                               0000000076b9ee09 5 bytes JMP 00000001001d01f8
.text  C:\Users\Frau Napalm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4276] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                0000000076ba3982 5 bytes JMP 00000001001d03fc
.text  C:\Users\Frau Napalm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4276] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                             0000000076ba7603 5 bytes JMP 00000001001d0804
.text  C:\Users\Frau Napalm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4276] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                             0000000076ba835c 5 bytes JMP 00000001001d0600
.text  C:\Users\Frau Napalm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4276] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                           0000000076bbf52b 5 bytes JMP 00000001001d0a08
.text  C:\Users\Frau Napalm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4276] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                     0000000076385181 5 bytes JMP 00000001001e1014
.text  C:\Users\Frau Napalm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4276] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                         0000000076385254 5 bytes JMP 00000001001e0804
.text  C:\Users\Frau Napalm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4276] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                         00000000763853d5 5 bytes JMP 00000001001e0a08
.text  C:\Users\Frau Napalm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4276] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                        00000000763854c2 5 bytes JMP 00000001001e0c0c
.text  C:\Users\Frau Napalm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4276] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                        00000000763855e2 5 bytes JMP 00000001001e0e10
.text  C:\Users\Frau Napalm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4276] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                               000000007638567c 5 bytes JMP 00000001001e01f8
.text  C:\Users\Frau Napalm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4276] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                               000000007638589f 5 bytes JMP 00000001001e03fc
.text  C:\Users\Frau Napalm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4276] C:\Windows\SysWOW64\sechost.dll!DeleteService                                0000000076385a22 5 bytes JMP 00000001001e0600
.text  C:\Users\Frau Napalm\Desktop\gmer_2.1.19163.exe[1268] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                               0000000075d9a2ba 1 byte [62]

Alt 28.12.2013, 11:52   #5
walerlego
 
Win7: Explorer braucht 1,7GB von 4GB RAM, PC wird extrem langsam - Standard

Win7: Explorer braucht 1,7GB von 4GB RAM, PC wird extrem langsam


Code:
ATTFilter
---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type                                                                                                      2
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start                                                                                                     2
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl                                                                                              1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName                                                                                               aswFsBlk
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group                                                                                                     FSFilter Activity Monitor
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService                                                                                           FltMgr?
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description                                                                                               avast! mini-filter driver (aswFsBlk)
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag                                                                                                       2
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances                                                                                                 
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance                                                                                 aswFsBlk Instance
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance                                                                               
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                                      388400
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                                         0
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk                                                                                                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type                                                                                                     2
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start                                                                                                    2
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl                                                                                             1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath                                                                                                \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName                                                                                              aswMonFlt
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group                                                                                                    FSFilter Anti-Virus
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService                                                                                          FltMgr?
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description                                                                                              avast! mini-filter driver (aswMonFlt)
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances                                                                                                
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance                                                                                aswMonFlt Instance
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance                                                                             
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                                    320700
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                                       0
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt                                                                                                          
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type                                                                                                        1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start                                                                                                       1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl                                                                                                1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName                                                                                                 aswRdr
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group                                                                                                       PNP_TDI
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService                                                                                             tcpip?
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description                                                                                                 avast! WFP Redirect driver
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath                                                                                                   \SystemRoot\System32\Drivers\aswrdr2.sys
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters                                                                                                  
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                                               
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                                               nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr                                                                                                             
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type                                                                                                       1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start                                                                                                      0
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl                                                                                               1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName                                                                                                aswRvrt
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description                                                                                                avast! Revert
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters                                                                                                 
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter                                                                                     398
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter                                                                                     11445445
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot                                                                                      \Device\Harddisk0\Partition3\Windows
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown                                                                                1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt                                                                                                            
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type                                                                                                        2
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start                                                                                                       1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl                                                                                                1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName                                                                                                 aswSnx
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group                                                                                                       FSFilter Virtualization
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService                                                                                             FltMgr?
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description                                                                                                 avast! virtualization driver (aswSnx)
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag                                                                                                         2
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances                                                                                                   
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance                                                                                   aswSnx Instance
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance                                                                                   
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude                                                                          137600
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags                                                                             0
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters                                                                                                  
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder                                                                                    \DosDevices\C:\Program Files\AVAST Software\Avast
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder                                                                                       \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx                                                                                                             
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type                                                                                                         1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start                                                                                                        1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl                                                                                                 1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName                                                                                                  aswSP
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description                                                                                                  avast! Self Protection
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters                                                                                                   
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield                                                                                       1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder                                                                                     \DosDevices\C:\Program Files\AVAST Software\Avast
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder                                                                                        \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen                                                                                   1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder                                                                                \DosDevices\C:\Program Files
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder                                                                                      \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP                                                                                                              
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type                                                                                                        1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start                                                                                                       1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl                                                                                                1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName                                                                                                 avast! Network Shield Support
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group                                                                                                       PNP_TDI
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService                                                                                             tcpip?
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description                                                                                                 avast! Network Shield TDI driver
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag                                                                                                         11
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi                                                                                                             
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type                                                                                                        1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start                                                                                                       3
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl                                                                                                1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName                                                                                                 aswVmm
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description                                                                                                 avast! VM Monitor
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters                                                                                                  
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswVmm                                                                                                             
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type                                                                                              32
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start                                                                                             2
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl                                                                                      1
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath                                                                                         "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName                                                                                       avast! Antivirus
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group                                                                                             ShellSvcGroup
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService                                                                                   aswMonFlt?RpcSS?
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64                                                                                             1
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName                                                                                        LocalSystem
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType                                                                                    1
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description                                                                                       Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus                                                                                                   
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type                                                                                                          2
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start                                                                                                         2
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl                                                                                                  1
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName                                                                                                   aswFsBlk
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group                                                                                                         FSFilter Activity Monitor
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService                                                                                               FltMgr?
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description                                                                                                   avast! mini-filter driver (aswFsBlk)
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag                                                                                                           2
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)                                                                             
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance                                                                                     aswFsBlk Instance
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)                                                           
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                                          388400
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                                             0
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type                                                                                                         2
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start                                                                                                        2
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl                                                                                                 1
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath                                                                                                    \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName                                                                                                  aswMonFlt
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group                                                                                                        FSFilter Anti-Virus
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService                                                                                              FltMgr?
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description                                                                                                  avast! mini-filter driver (aswMonFlt)
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)                                                                            
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance                                                                                    aswMonFlt Instance
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)                                                         
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                                        320700
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                                           0
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@Type                                                                                                            1
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@Start                                                                                                           1
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl                                                                                                    1
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName                                                                                                     aswRdr
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@Group                                                                                                           PNP_TDI
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService                                                                                                 tcpip?
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@Description                                                                                                     avast! WFP Redirect driver
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath                                                                                                       \SystemRoot\System32\Drivers\aswrdr2.sys
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)                                                                              
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                                                   
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                                                   nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type                                                                                                           1
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start                                                                                                          0
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl                                                                                                   1
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName                                                                                                    aswRvrt
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description                                                                                                    avast! Revert
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)                                                                             
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter                                                                                         398
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter                                                                                         11445445
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot                                                                                          \Device\Harddisk0\Partition3\Windows
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown                                                                                    1
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@Type                                                                                                            2
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@Start                                                                                                           1
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl                                                                                                    1
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName                                                                                                     aswSnx
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@Group                                                                                                           FSFilter Virtualization
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService                                                                                                 FltMgr?
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@Description                                                                                                     avast! virtualization driver (aswSnx)
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag                                                                                                             2
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)                                                                               
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance                                                                                       aswSnx Instance
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)                                                               
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude                                                                              137600
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags                                                                                 0
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)                                                                              
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder                                                                                        \DosDevices\C:\Program Files\AVAST Software\Avast
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder                                                                                           \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP@Type                                                                                                             1
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP@Start                                                                                                            1
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl                                                                                                     1
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName                                                                                                      aswSP
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP@Description                                                                                                      avast! Self Protection
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)                                                                               
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield                                                                                           1
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder                                                                                         \DosDevices\C:\Program Files\AVAST Software\Avast
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder                                                                                            \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen                                                                                       1
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder                                                                                    \DosDevices\C:\Program Files
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder                                                                                          \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@Type                                                                                                            1
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@Start                                                                                                           1
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl                                                                                                    1
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName                                                                                                     avast! Network Shield Support
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@Group                                                                                                           PNP_TDI
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService                                                                                                 tcpip?
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@Description                                                                                                     avast! Network Shield TDI driver
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag                                                                                                             11
Reg    HKLM\SYSTEM\ControlSet002\services\aswVmm@Type                                                                                                            1
Reg    HKLM\SYSTEM\ControlSet002\services\aswVmm@Start                                                                                                           3
Reg    HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl                                                                                                    1
Reg    HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName                                                                                                     aswVmm
Reg    HKLM\SYSTEM\ControlSet002\services\aswVmm@Description                                                                                                     avast! VM Monitor
Reg    HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)                                                                              
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type                                                                                                  32
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start                                                                                                 2
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl                                                                                          1
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath                                                                                             "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName                                                                                           avast! Antivirus
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group                                                                                                 ShellSvcGroup
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService                                                                                       aswMonFlt?RpcSS?
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64                                                                                                 1
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName                                                                                            LocalSystem
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType                                                                                        1
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description                                                                                           Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.

---- EOF - GMER 2.1 ----
So, das sollte es sein. Danke fürs Feedback.


Alt 29.12.2013, 11:29   #6
schrauber
/// the machine
/// TB-Ausbilder
 
Win7: Explorer braucht 1,7GB von 4GB RAM, PC wird extrem langsam - Standard

Win7: Explorer braucht 1,7GB von 4GB RAM, PC wird extrem langsam


Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
--> Win7: Explorer braucht 1,7GB von 4GB RAM, PC wird extrem langsam

Alt 01.01.2014, 15:59   #7
walerlego
 
Win7: Explorer braucht 1,7GB von 4GB RAM, PC wird extrem langsam - Standard

Win7: Explorer braucht 1,7GB von 4GB RAM, PC wird extrem langsam


Hier ist die combofix.txt
Kann das sein, dass das bereits Fehler behoben hat?

Code:
ATTFilter
ComboFix 13-12-31.01 - Frau Napalm 01.01.2014  14:56:45.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4085.1261 [GMT 1:00]
ausgeführt von:: c:\users\Frau Napalm\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6422\AddOnDownloaded\1aff7cd0-71c5-4682-8a81-f3488d648a52.dll
c:\programdata\PCDr\6422\AddOnDownloaded\4024761b-0217-45f9-98b3-a2cd8c309252.dll
c:\programdata\PCDr\6422\AddOnDownloaded\5eb0ad41-431b-4bf8-b498-110b0b5cd0ab.dll
c:\programdata\PCDr\6422\AddOnDownloaded\61c13bfc-28f4-44bc-beec-efa429fa40f0.dll
c:\programdata\PCDr\6422\AddOnDownloaded\721f0e40-f9ae-403d-b919-f31f136f926d.dll
c:\programdata\PCDr\6422\AddOnDownloaded\a42876a0-cd50-444f-b999-c31d0b73f57c.dll
c:\programdata\PCDr\6422\AddOnDownloaded\b46fef86-eb4a-44db-ad48-0c00477a0097.dll
c:\programdata\PCDr\6422\AddOnDownloaded\ec1edaed-f34f-4e3a-96eb-bbdad2af9a8a.dll
c:\programdata\PCDr\6422\AddOnDownloaded\f63e05a5-1f40-4c42-b80a-d0995b6e38a7.dll
c:\windows\SysWow64\html
c:\windows\SysWow64\images
c:\windows\UA000096.DLL
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-12-01 bis 2014-01-01  ))))))))))))))))))))))))))))))
.
.
2014-01-01 14:16 . 2014-01-01 14:16	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-01-01 14:00 . 2014-01-01 14:00	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F3DDB46E-F82B-4BD0-B75F-E70B45C83EF2}\offreg.dll
2013-12-31 08:46 . 2013-12-04 03:28	10315576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F3DDB46E-F82B-4BD0-B75F-E70B45C83EF2}\mpengine.dll
2013-12-29 10:11 . 2013-12-29 10:12	--------	d-----w-	c:\program files\CCleaner
2013-12-28 08:04 . 2013-12-28 08:04	--------	d-----w-	c:\users\Frau Napalm\AppData\Roaming\AVAST Software
2013-12-27 22:49 . 2013-12-27 22:49	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-12-27 22:49 . 2013-12-27 22:49	--------	d-----w-	c:\programdata\Oracle
2013-12-27 22:37 . 2013-12-27 22:37	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-27 21:38 . 2013-12-28 09:38	79672	----a-w-	c:\windows\system32\drivers\aswstm.sys
2013-12-27 20:48 . 2013-12-27 20:48	--------	d-----w-	C:\FRST
2013-12-27 11:36 . 2013-11-26 10:19	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2013-12-27 11:36 . 2013-11-26 09:23	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-12-27 11:36 . 2013-11-27 00:20	235216	----a-w-	c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-12-27 11:36 . 2013-11-27 00:52	293072	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2013-12-27 11:36 . 2013-11-26 06:48	353280	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2013-12-27 11:36 . 2013-11-26 06:41	251392	----a-w-	c:\program files (x86)\Internet Explorer\IEShims.dll
2013-12-27 11:36 . 2013-11-26 06:22	270848	----a-w-	c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-12-27 11:36 . 2013-11-26 10:18	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2013-12-27 11:36 . 2013-11-26 07:55	469504	----a-w-	c:\program files (x86)\Internet Explorer\ieinstal.exe
2013-12-27 11:36 . 2013-11-26 10:07	7211520	----a-w-	c:\program files\Internet Explorer\F12Resources.dll
2013-12-27 11:36 . 2013-11-26 08:34	482816	----a-w-	c:\program files\Internet Explorer\ieinstal.exe
2013-12-26 22:44 . 2013-10-14 17:00	28368	----a-w-	c:\windows\system32\IEUDINIT.EXE
2013-12-26 22:04 . 2013-12-26 22:04	--------	d-----w-	c:\program files (x86)\Common Files\PDF Architect
2013-12-26 22:04 . 2013-12-26 22:04	--------	d-----w-	c:\users\Frau Napalm\AppData\Roaming\PDF Architect
2013-12-26 22:01 . 2013-12-26 22:01	--------	d-----w-	c:\program files\My Dell
2013-12-21 08:33 . 2013-12-21 08:33	--------	d-----w-	c:\users\Frau Napalm\AppData\Roaming\2BrightSparks
2013-12-21 08:33 . 2013-12-21 08:33	--------	d-----w-	c:\users\Frau Napalm\AppData\Local\2BrightSparks
2013-12-21 08:33 . 2013-12-21 08:33	--------	d-----w-	c:\program files (x86)\2BrightSparks
2013-12-11 22:11 . 2013-05-10 04:30	167424	----a-w-	c:\program files\Windows Media Player\wmplayer.exe
2013-12-11 22:11 . 2013-05-10 03:48	164864	----a-w-	c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 22:11 . 2013-05-10 05:56	12625920	----a-w-	c:\windows\system32\wmploc.DLL
2013-12-11 22:11 . 2013-05-10 04:56	12625408	----a-w-	c:\windows\SysWow64\wmploc.DLL
2013-12-11 22:10 . 2013-05-10 05:56	14631424	----a-w-	c:\windows\system32\wmp.dll
2013-12-11 11:51 . 2013-12-12 07:53	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-12-08 09:51 . 2013-12-21 17:27	--------	d-----w-	c:\users\Frau Napalm\AppData\Roaming\KeePass
2013-12-08 07:55 . 2013-12-08 07:55	--------	d-----w-	c:\program files (x86)\KeePass Password Safe 2
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-27 21:37 . 2013-03-29 21:16	92544	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-12-27 21:37 . 2013-03-29 21:16	207904	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-12-27 21:37 . 2013-03-29 21:16	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-12-27 21:37 . 2011-05-23 11:59	422216	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-12-27 21:37 . 2011-05-23 11:59	1034464	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-12-27 21:37 . 2011-05-23 11:59	78648	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-12-27 21:37 . 2011-05-23 11:59	334136	----a-w-	c:\windows\system32\aswBoot.exe
2013-12-27 21:37 . 2011-05-23 11:58	43152	----a-w-	c:\windows\avastSS.scr
2013-12-20 09:11 . 2010-02-20 13:15	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-12-20 09:11 . 2010-09-14 11:05	42168	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-12-19 13:11 . 2011-05-23 11:59	64288	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-12-14 12:48 . 2009-12-02 08:41	90708896	----a-w-	c:\windows\system32\MRT.exe
2013-12-14 08:34 . 2010-03-11 08:26	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2013-12-14 08:33 . 2010-09-24 07:00	42168	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-12-11 13:12 . 2012-03-30 05:35	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 13:12 . 2011-05-17 18:11	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-25 09:47 . 2012-07-17 13:37	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-11-19 02:33 . 2011-03-03 20:39	267936	------w-	c:\windows\system32\MpSigStub.exe
2013-10-28 00:12 . 2013-10-28 00:12	107288	----a-w-	c:\windows\system32\drivers\ssudbus.sys
2013-10-27 20:24 . 2013-10-27 20:24	129536	----a-w-	c:\users\Public\AlexaNSISPlugin.4560.dll
2013-10-12 02:30 . 2013-11-13 20:43	830464	----a-w-	c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 20:43	859648	----a-w-	c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 20:43	324096	----a-w-	c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 20:43	656896	----a-w-	c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 20:43	216576	----a-w-	c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-13 20:44	1474048	----a-w-	c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-13 20:44	1168384	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-13 20:43	190464	----a-w-	c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-13 20:43	197120	----a-w-	c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-13 20:43	1930752	----a-w-	c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-13 20:43	152576	----a-w-	c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-13 20:43	168960	----a-w-	c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-13 20:43	1796096	----a-w-	c:\windows\SysWow64\authui.dll
2002-01-03 20:50 . 2005-07-04 15:35	155648	------w-	c:\program files (x86)\WMA8Connect.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-11-25 10:03	222832	----a-w-	c:\users\Frau Napalm\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-11-25 10:03	222832	----a-w-	c:\users\Frau Napalm\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-11-25 10:03	222832	----a-w-	c:\users\Frau Napalm\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Frau Napalm\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Frau Napalm\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Frau Napalm\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Frau Napalm\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Frau Napalm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-12-06 1168896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-27 3764024]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Frau Napalm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Frau Napalm\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys;c:\windows\SYSNATIVE\DRIVERS\lvpopf64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
R4 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 07:41	1210320	----a-w-	c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-01-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 13:12]
.
2014-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-02 10:14]
.
2014-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-02 10:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-11-25 10:03	261744	----a-w-	c:\users\Frau Napalm\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-11-25 10:03	261744	----a-w-	c:\users\Frau Napalm\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-11-25 10:03	261744	----a-w-	c:\users\Frau Napalm\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-27 21:37	287280	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Frau Napalm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Frau Napalm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Frau Napalm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Frau Napalm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Frau Napalm\AppData\Roaming\Mozilla\Firefox\Profiles\tg485g2x.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p24_serp_ff_de_display?ie=UTF8&tagbase=bds-p24&tag=bds-p24-serp-de-ff-21&tbrId=v1_abb-channel-24_94e782661aa2435285ea8c8c05ea4db2_39_1007_20131027_DE_ff_ab_&query=
FF - ExtSQL: !HIDDEN! 2010-01-17 18:01; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{f0381dbd-e018-4e07-ae40-d96ab15083f0} - (no file)
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-_{707EB912-C597-49D8-9460-46CC9AB03EBE} - c:\program files (x86)\Corel\Corel Painter Photo Essentials 4\MSILauncher {707EB912-C597-49D8-9460-46CC9AB03EBE}
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1628424129-3989399895-586888125-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*png*þÿÿÿ¨¯lu¨¯lu\a\~#P¤]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1628424129-3989399895-586888125-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*png*þÿÿÿ¨¯lu¨¯lu\a\~#P¤\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1628424129-3989399895-586888125-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯lw\µ^RùfZ]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1628424129-3989399895-586888125-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯lw\µ^RùfZ\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1628424129-3989399895-586888125-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*þÿÿÿ¨¯lu¨¯lu\a\~#P¤]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1628424129-3989399895-586888125-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*þÿÿÿ¨¯lu¨¯lu\a\~#P¤\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1628424129-3989399895-586888125-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*pspimage*¯žu¨¯žu\Å[õT~	]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1628424129-3989399895-586888125-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*pspimage*¯žu¨¯žu\Å[õT~	\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1628424129-3989399895-586888125-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*png*þÿÿÿ¨¯lu¨¯lu\a\~#P¤]
"0"=hex:73,00,69,00,67,00,2e,00,70,6e,67,00,fe,ff,ff,ff,a8,af,6c,75,a8,af,6c,
   75,18,5c,61,5c,7e,23,50,a4,10,01,00,00,92,00,36,00,00,00,00,00,00,00,00,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-1628424129-3989399895-586888125-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*jpg*¨¯lw\µ^RùfZ]
"0"=hex:6e,00,6f,00,6e,00,6f,00,6d,00,6f,00,2e,00,6a,70,67,00,a8,af,6c,77,18,
   5c,b5,5e,52,f9,66,5a,10,01,00,00,8e,00,36,00,00,00,00,00,00,00,00,00,00,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-1628424129-3989399895-586888125-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*jpg*þÿÿÿ¨¯lu¨¯lu\a\~#P¤]
"0"=hex:65,00,76,00,61,00,6e,00,73,00,2e,00,6a,70,67,00,fe,ff,ff,ff,a8,af,6c,
   75,a8,af,6c,75,18,5c,61,5c,7e,23,50,a4,10,01,00,00,9a,00,36,00,00,00,00,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-1628424129-3989399895-586888125-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*pspimage*¯žu¨¯žu\Å[õT~	]
"0"=hex:63,00,61,00,74,00,61,00,6e,00,2e,00,70,73,70,69,6d,61,67,65,00,af,9e,
   75,a8,af,9e,75,18,5c,c5,5b,f5,54,7e,09,10,01,00,00,9a,00,36,00,00,00,00,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-01-01  15:49:21
ComboFix-quarantined-files.txt  2014-01-01 14:49
.
Vor Suchlauf: 22 Verzeichnis(se), 24.558.559.232 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 22.447.251.456 Bytes frei
.
- - End Of File - - 47DBF5187C8497C524D75B896AC04EDE
A36C5E4F47E84449FF07ED3517B43A31

Alt 02.01.2014, 09:19   #8
schrauber
/// the machine
/// TB-Ausbilder
 
Win7: Explorer braucht 1,7GB von 4GB RAM, PC wird extrem langsam - Standard

Win7: Explorer braucht 1,7GB von 4GB RAM, PC wird extrem langsam


Ja, aber da ist noch Arbeit

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 04.01.2014, 11:40   #9
walerlego
 
Win7: Explorer braucht 1,7GB von 4GB RAM, PC wird extrem langsam - Standard

Win7: Explorer braucht 1,7GB von 4GB RAM, PC wird extrem langsam


So, und weiter gehts:

Malwarebytes:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Frau Napalm :: FRAUNAPALM-PC [Administrator]

03.01.2014 19:16:29
MBAM-log-2014-01-03 (19-26-29).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 227074
Laufzeit: 6 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\Distromatic\Toolbars (PUP.Optional.AlexaTB.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
AdwCleaner
Code:
ATTFilter
# AdwCleaner v3.016 - Bericht erstellt am 04/01/2014 um 00:17:51
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Frau Napalm - FRAUNAPALM-PC
# Gestartet von : C:\Users\Frau Napalm\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Alawar Stargaze
Ordner Gelöscht : C:\Users\Frau Napalm\AppData\Local\thinstall
Ordner Gelöscht : C:\Users\Frau Napalm\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Frau Napalm\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Frau Napalm\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Frau Napalm\AppData\Roaming\thinstall
Ordner Gelöscht : C:\Users\Frau Napalm\AppData\Roaming\Mozilla\Firefox\Profiles\tg485g2x.default\Extensions\formhistory@yahoo.com
Ordner Gelöscht : C:\Users\Frau Napalm\AppData\Roaming\Mozilla\Firefox\Profiles\tg485g2x.default\Extensions\germanrivers@addons.sebastianlanger.com
Ordner Gelöscht : C:\Users\Frau Napalm\AppData\Roaming\Mozilla\Firefox\Profiles\tg485g2x.default\Extensions\ich@maltegoetz.de
Ordner Gelöscht : C:\Users\Frau Napalm\AppData\Roaming\Mozilla\Firefox\Profiles\tg485g2x.default\Extensions\jid1-ScromwMkJq3ztw@jetpack
Ordner Gelöscht : C:\Users\Frau Napalm\AppData\Roaming\Mozilla\Firefox\Profiles\tg485g2x.default\Extensions\LightBoxKiller@syndacate.org
Ordner Gelöscht : C:\Users\Frau Napalm\AppData\Roaming\Mozilla\Firefox\Profiles\tg485g2x.default\Extensions\youtubeunblocker@unblocker.yt
Ordner Gelöscht : C:\Users\Frau Napalm\AppData\Roaming\Mozilla\Firefox\Profiles\tg485g2x.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Frau Napalm\AppData\Roaming\Mozilla\Firefox\Profiles\tg485g2x.default\.autoreg

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_media-player-codec-pack_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_media-player-codec-pack_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{0C58B7D1-D415-492B-A149-E976156BD3B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SearchCore for Browsers
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\Trymedia Systems
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\SearchCore for Browsers

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v27.0 (de)

[ Datei : C:\Users\Frau Napalm\AppData\Roaming\Mozilla\Firefox\Profiles\tg485g2x.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\Frau Napalm\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5735 octets] - [04/01/2014 00:08:46]
AdwCleaner[S0].txt - [5331 octets] - [04/01/2014 00:17:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5391 octets] ##########
JRT.txt:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Professional x64
Ran by Frau Napalm on 04.01.2014 at 11:10:42,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\Users\Frau Napalm\appdata\locallow\datamngr"



~~~ FireFox

Emptied folder: C:\Users\Frau Napalm\AppData\Roaming\mozilla\firefox\profiles\tg485g2x.default\minidumps [392 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.01.2014 at 11:20:00,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Und nochmal FRST:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2014
Ran by Frau Napalm (administrator) on FRAUNAPALM-PC on 04-01-2014 11:32:10
Running from C:\Users\Frau Napalm\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() C:\Windows\SysWOW64\PSIService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Spotify Ltd) C:\Users\Frau Napalm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Frau Napalm\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [4968960 2009-07-17] (Dell Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-27] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Frau Napalm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-06] (Spotify Ltd)
Startup: C:\Users\Frau Napalm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Frau Napalm\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0D143B41-4BD0-4563-9100-C4B0BF5DD5A8} URL = 
SearchScopes: HKCU - {92F0BA92-E877-467B-AF57-C693E5D82E82} URL = 
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Frau Napalm\AppData\Roaming\Mozilla\Firefox\Profiles\tg485g2x.default
FF DefaultSearchEngine: eBay
FF SearchEngineOrder.1: Amazon 
FF SelectedSearchEngine: eBay
FF Homepage: about:home
FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p24_serp_ff_de_display?ie=UTF8&tagbase=bds-p24&tag=bds-p24-serp-de-ff-21&tbrId=v1_abb-channel-24_94e782661aa2435285ea8c8c05ea4db2_39_1007_20131027_DE_ff_ab_&query=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Frau Napalm\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF SearchPlugin: C:\Users\Frau Napalm\AppData\Roaming\Mozilla\Firefox\Profiles\tg485g2x.default\searchplugins\googlede.xml
FF SearchPlugin: C:\Users\Frau Napalm\AppData\Roaming\Mozilla\Firefox\Profiles\tg485g2x.default\searchplugins\leo-deu-eng.xml
FF SearchPlugin: C:\Users\Frau Napalm\AppData\Roaming\Mozilla\Firefox\Profiles\tg485g2x.default\searchplugins\youtube-videosuche.xml
FF SearchPlugin: C:\Users\Frau Napalm\AppData\Roaming\Mozilla\Firefox\Profiles\tg485g2x.default\searchplugins\youtube.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Add to Amazon Wish List Button - C:\Users\Frau Napalm\AppData\Roaming\Mozilla\Firefox\Profiles\tg485g2x.default\Extensions\amznUWL2@amazon.com.xpi
FF Extension: Personas Plus - C:\Users\Frau Napalm\AppData\Roaming\Mozilla\Firefox\Profiles\tg485g2x.default\Extensions\personas@christopher.beard.xpi
FF Extension: Pinterest Right-Click - C:\Users\Frau Napalm\AppData\Roaming\Mozilla\Firefox\Profiles\tg485g2x.default\Extensions\pinterest-addon@felixfung.ca.xpi
FF Extension: search-test-phase-1 - C:\Users\Frau Napalm\AppData\Roaming\Mozilla\Firefox\Profiles\tg485g2x.default\Extensions\search-test-phase-1@mozilla.com.xpi
FF Extension: Test Pilot - C:\Users\Frau Napalm\AppData\Roaming\Mozilla\Firefox\Profiles\tg485g2x.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Frau Napalm\AppData\Roaming\Mozilla\Firefox\Profiles\tg485g2x.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: WordPress Helper - C:\Users\Frau Napalm\AppData\Roaming\Mozilla\Firefox\Profiles\tg485g2x.default\Extensions\{AFF0F480-EDE7-11DB-8BB2-438255D89593}.xpi
FF Extension: Download YouTube Videos as MP4 - C:\Users\Frau Napalm\AppData\Roaming\Mozilla\Firefox\Profiles\tg485g2x.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
FF Extension: Adblock Plus - C:\Users\Frau Napalm\AppData\Roaming\Mozilla\Firefox\Profiles\tg485g2x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Pixlr Grabber - C:\Users\Frau Napalm\AppData\Roaming\Mozilla\Firefox\Profiles\tg485g2x.default\Extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}.xpi
FF Extension: Download Statusbar - C:\Users\Frau Napalm\AppData\Roaming\Mozilla\Firefox\Profiles\tg485g2x.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF Extension: DownThemAll! - C:\Users\Frau Napalm\AppData\Roaming\Mozilla\Firefox\Profiles\tg485g2x.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR DefaultSearchURL: hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Free Download Manager Click Catcher Plug-In for Netscape, Opera, Mozilla) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npfdm.dll No File
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Plugin) - C:\Users\Frau Napalm\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Wallet) - C:\Users\Frau Napalm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR HKLM-x32\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Frau Napalm\AppData\LocalLow\proxtube\CHROME\proxtube.crx

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-27] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE [33280 2009-07-17] ()

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2013-12-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2013-12-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2013-12-27] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2013-12-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-12-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-27] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-05-22] ()
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [41032 2009-06-18] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-11-04] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-11-04] (McAfee, Inc.)
S3 StarOpen; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-04 11:32 - 2014-01-04 11:32 - 00020960 _____ C:\Users\Frau Napalm\Desktop\FRST.txt
2014-01-04 11:30 - 2014-01-04 11:30 - 01931368 _____ (Farbar) C:\Users\Frau Napalm\Desktop\FRST64.exe
2014-01-04 11:20 - 2014-01-04 11:20 - 00000917 _____ C:\Users\Frau Napalm\Desktop\JRT.txt
2014-01-04 11:10 - 2014-01-04 11:10 - 00000000 ____D C:\Windows\ERUNT
2014-01-04 11:08 - 2014-01-04 11:08 - 01036305 _____ (Thisisu) C:\Users\Frau Napalm\Desktop\JRT.exe
2014-01-03 23:53 - 2014-01-03 23:53 - 00000000 ____D C:\Users\Frau Napalm\Downloads\BRMC%20Guerrilla%20Posters
2014-01-03 23:53 - 2014-01-03 23:53 - 00000000 ____D C:\Users\Frau Napalm\Desktop\BRMC Guerilla Posters
2014-01-03 23:52 - 2014-01-03 23:52 - 40791937 _____ C:\Users\Frau Napalm\Downloads\BRMC%20Guerrilla%20Posters.zip
2014-01-03 22:59 - 2014-01-04 00:18 - 00000000 ____D C:\AdwCleaner
2014-01-03 22:59 - 2014-01-03 22:59 - 01233962 _____ C:\Users\Frau Napalm\Desktop\adwcleaner.exe
2014-01-03 20:48 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-02 22:26 - 2014-01-03 20:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-02 22:11 - 2014-01-02 22:11 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Frau Napalm\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-02 09:23 - 2014-01-02 09:23 - 00000540 _____ C:\Windows\PFRO.log
2014-01-01 20:40 - 2014-01-01 20:40 - 00003234 _____ C:\Windows\System32\Tasks\SidebarExecute
2014-01-01 15:49 - 2014-01-01 15:49 - 00029889 _____ C:\ComboFix.txt
2014-01-01 14:53 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-01 14:53 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-01 14:53 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-01 14:53 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-01 14:53 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-01 14:53 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-01 14:53 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-01 14:53 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-01 14:52 - 2014-01-01 15:49 - 00000000 ____D C:\Qoobox
2014-01-01 14:52 - 2014-01-01 15:49 - 00000000 ____D C:\ComboFix
2014-01-01 14:51 - 2014-01-01 15:18 - 00000000 ____D C:\Windows\erdnt
2014-01-01 14:46 - 2014-01-01 14:47 - 05160176 ____R (Swearware) C:\Users\Frau Napalm\Downloads\ComboFix.exe
2013-12-29 17:01 - 2014-01-04 09:24 - 00000616 _____ C:\Windows\setupact.log
2013-12-29 17:01 - 2013-12-29 17:01 - 00000000 _____ C:\Windows\setuperr.log
2013-12-29 11:12 - 2013-12-29 11:12 - 00002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-29 11:11 - 2013-12-29 11:12 - 00000000 ____D C:\Program Files\CCleaner
2013-12-29 11:09 - 2013-12-29 11:10 - 03571656 _____ (Piriform Ltd) C:\Users\Frau Napalm\Downloads\ccsetup409_slim.exe
2013-12-28 09:04 - 2013-12-28 09:04 - 00000000 ____D C:\Users\Frau Napalm\AppData\Roaming\AVAST Software
2013-12-27 23:49 - 2013-12-27 23:49 - 00000000 ____D C:\ProgramData\Oracle
2013-12-27 23:38 - 2013-12-27 23:36 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-27 23:37 - 2013-12-27 23:37 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-27 23:37 - 2013-12-27 23:36 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-27 23:37 - 2013-12-27 23:36 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-27 22:38 - 2013-12-28 10:38 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2013-12-27 21:54 - 2013-12-27 21:54 - 00377856 _____ C:\Users\Frau Napalm\Desktop\gmer_2.1.19163.exe
2013-12-27 21:48 - 2013-12-27 21:48 - 00000000 ____D C:\FRST
2013-12-27 21:46 - 2013-12-27 21:46 - 00000000 _____ C:\Users\Frau Napalm\defogger_reenable
2013-12-27 21:44 - 2013-12-27 21:44 - 00050477 _____ C:\Users\Frau Napalm\Desktop\Defogger.exe
2013-12-27 12:36 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-27 12:36 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-27 12:36 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-27 12:35 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-27 12:35 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-27 12:35 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-27 12:35 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-27 12:35 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-27 12:35 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-27 12:35 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-27 12:35 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-27 12:35 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-27 12:35 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-27 12:35 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-27 12:35 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-27 12:35 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-27 12:35 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-27 12:35 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-27 12:35 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-27 12:35 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-27 12:35 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-27 12:35 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-27 12:35 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-27 12:35 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-27 12:35 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-27 12:35 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-27 12:35 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-27 12:35 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-27 12:35 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-27 12:35 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-27 12:35 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-26 23:44 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-26 23:38 - 2013-12-26 23:38 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-26 23:38 - 2013-12-26 23:38 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-26 23:38 - 2013-12-26 23:38 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-26 23:38 - 2013-12-26 23:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-26 23:38 - 2013-12-26 23:38 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-26 23:38 - 2013-12-26 23:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-26 23:38 - 2013-12-26 23:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-26 23:38 - 2013-12-26 23:38 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-26 23:38 - 2013-12-26 23:38 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-26 23:38 - 2013-12-26 23:38 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-26 23:38 - 2013-12-26 23:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-26 23:38 - 2013-12-26 23:38 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-26 23:38 - 2013-12-26 23:38 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-26 23:38 - 2013-12-26 23:38 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-26 23:38 - 2013-12-26 23:38 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-26 23:38 - 2013-12-26 23:38 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-26 23:38 - 2013-12-26 23:38 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-26 23:38 - 2013-12-26 23:38 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-26 23:38 - 2013-12-26 23:38 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-26 23:38 - 2013-12-26 23:38 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-26 23:04 - 2013-12-26 23:04 - 00000000 ____D C:\Users\Frau Napalm\AppData\Roaming\PDF Architect
2013-12-26 23:01 - 2013-12-26 23:01 - 00000000 ____D C:\Program Files\My Dell
2013-12-21 18:24 - 2013-12-21 18:25 - 00002222 _____ C:\Users\Frau Napalm\Documents\PWDB.kdbx
2013-12-21 09:33 - 2013-12-21 09:33 - 00000000 ____D C:\Windows\System32\Tasks\2BrightSparks
2013-12-21 09:33 - 2013-12-21 09:33 - 00000000 ____D C:\Users\Frau Napalm\AppData\Roaming\2BrightSparks
2013-12-21 09:33 - 2013-12-21 09:33 - 00000000 ____D C:\Users\Frau Napalm\AppData\Local\2BrightSparks
2013-12-21 09:33 - 2013-12-21 09:33 - 00000000 ____D C:\Program Files (x86)\2BrightSparks
2013-12-21 08:33 - 2013-12-21 08:34 - 11436096 _____ (2BrightSparks Pte Ltd                                       ) C:\Users\Frau Napalm\Downloads\SyncBack_Setup.exe
2013-12-19 10:49 - 2013-12-19 10:49 - 01154851 _____ C:\Users\Frau Napalm\Downloads\Adressliste Weihnachtskarte_Master_131216_v04 (1).xlsx
2013-12-19 10:19 - 2013-12-19 10:19 - 01154851 _____ C:\Users\Frau Napalm\Downloads\Adressliste Weihnachtskarte_Master_131216_v04.xlsx
2013-12-18 10:59 - 2013-12-18 10:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-11 23:11 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 23:11 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-11 23:11 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 23:10 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 19:45 - 2013-12-11 19:45 - 00002174 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-11 12:51 - 2013-12-12 08:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-11 09:40 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 09:40 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 09:40 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 09:40 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 09:40 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 09:40 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 09:40 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 09:40 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 09:40 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 09:40 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 09:40 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 09:40 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 09:40 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 09:40 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 09:40 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 09:40 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 09:40 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 09:40 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 09:40 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-10 19:05 - 2013-12-10 19:05 - 00000000 ____D C:\Users\Frau Napalm\Downloads\Herbstliebe Schnitte 10.12
2013-12-08 10:51 - 2013-12-21 18:27 - 00000000 ____D C:\Users\Frau Napalm\AppData\Roaming\KeePass
2013-12-08 09:01 - 2013-12-08 09:01 - 00000187 _____ C:\Users\Frau Napalm\Documents\NickMichelsPWs.key
2013-12-08 08:55 - 2013-12-08 08:55 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2013-12-05 21:59 - 2013-12-05 21:59 - 00022617 _____ C:\Users\Frau Napalm\Downloads\what_fish.zip

==================== One Month Modified Files and Folders =======

2014-01-04 11:32 - 2014-01-04 11:32 - 00020960 _____ C:\Users\Frau Napalm\Desktop\FRST.txt
2014-01-04 11:30 - 2014-01-04 11:30 - 01931368 _____ (Farbar) C:\Users\Frau Napalm\Desktop\FRST64.exe
2014-01-04 11:29 - 2009-07-14 06:10 - 01058329 _____ C:\Windows\WindowsUpdate.log
2014-01-04 11:20 - 2014-01-04 11:20 - 00000917 _____ C:\Users\Frau Napalm\Desktop\JRT.txt
2014-01-04 11:12 - 2013-01-12 10:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-04 11:10 - 2014-01-04 11:10 - 00000000 ____D C:\Windows\ERUNT
2014-01-04 11:08 - 2014-01-04 11:08 - 01036305 _____ (Thisisu) C:\Users\Frau Napalm\Desktop\JRT.exe
2014-01-04 10:39 - 2009-12-02 11:14 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-04 09:33 - 2009-07-14 05:45 - 00014032 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-04 09:33 - 2009-07-14 05:45 - 00014032 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-04 09:28 - 2011-05-02 08:45 - 00000000 ____D C:\Users\Frau Napalm\AppData\Roaming\Dropbox
2014-01-04 09:26 - 2011-05-02 08:51 - 00000000 ___RD C:\Dropbox
2014-01-04 09:25 - 2009-12-02 11:14 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-04 09:24 - 2013-12-29 17:01 - 00000616 _____ C:\Windows\setupact.log
2014-01-04 09:24 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-04 00:23 - 2010-07-23 22:33 - 00000000 ____D C:\Users\Frau Napalm\Documents\Meine PSP-Dateien
2014-01-04 00:18 - 2014-01-03 22:59 - 00000000 ____D C:\AdwCleaner
2014-01-03 23:53 - 2014-01-03 23:53 - 00000000 ____D C:\Users\Frau Napalm\Downloads\BRMC%20Guerrilla%20Posters
2014-01-03 23:53 - 2014-01-03 23:53 - 00000000 ____D C:\Users\Frau Napalm\Desktop\BRMC Guerilla Posters
2014-01-03 23:52 - 2014-01-03 23:52 - 40791937 _____ C:\Users\Frau Napalm\Downloads\BRMC%20Guerrilla%20Posters.zip
2014-01-03 22:59 - 2014-01-03 22:59 - 01233962 _____ C:\Users\Frau Napalm\Desktop\adwcleaner.exe
2014-01-03 20:48 - 2014-01-02 22:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-03 12:15 - 2013-03-29 22:16 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-02 22:11 - 2014-01-02 22:11 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Frau Napalm\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-02 10:39 - 2012-03-24 22:30 - 00000000 ____D C:\Users\Frau Napalm\AppData\Roaming\Spotify
2014-01-02 09:26 - 2010-03-24 10:47 - 00000000 ____D C:\Users\Frau Napalm\Desktop\stuff
2014-01-02 09:23 - 2014-01-02 09:23 - 00000540 _____ C:\Windows\PFRO.log
2014-01-01 22:22 - 2012-06-21 11:40 - 00000000 ____D C:\Users\Frau Napalm\Documents\Michel
2014-01-01 22:22 - 2010-04-29 07:28 - 00000000 ____D C:\Users\Frau Napalm\Desktop\Michel
2014-01-01 22:22 - 2009-12-01 23:06 - 00004652 ___SH C:\Windows\SysWOW64\KGyGaAvL.sys
2014-01-01 20:40 - 2014-01-01 20:40 - 00003234 _____ C:\Windows\System32\Tasks\SidebarExecute
2014-01-01 19:44 - 2011-03-13 20:33 - 00007600 _____ C:\Users\Frau Napalm\AppData\Local\Resmon.ResmonCfg
2014-01-01 15:49 - 2014-01-01 15:49 - 00029889 _____ C:\ComboFix.txt
2014-01-01 15:49 - 2014-01-01 14:52 - 00000000 ____D C:\Qoobox
2014-01-01 15:49 - 2014-01-01 14:52 - 00000000 ____D C:\ComboFix
2014-01-01 15:49 - 2009-07-14 04:20 - 00000000 ___RD C:\Users\Default
2014-01-01 15:18 - 2014-01-01 14:51 - 00000000 ____D C:\Windows\erdnt
2014-01-01 15:16 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-01 14:47 - 2014-01-01 14:46 - 05160176 ____R (Swearware) C:\Users\Frau Napalm\Downloads\ComboFix.exe
2013-12-31 19:41 - 2009-12-01 17:15 - 00000000 ____D C:\Users\Frau Napalm\AppData\Roaming\Skype
2013-12-30 20:46 - 2012-03-24 22:30 - 00000000 ____D C:\Users\Frau Napalm\AppData\Local\Spotify
2013-12-29 17:01 - 2013-12-29 17:01 - 00000000 _____ C:\Windows\setuperr.log
2013-12-29 13:34 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-29 11:23 - 2013-10-27 21:25 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-12-29 11:23 - 2012-06-14 18:20 - 00000000 ____D C:\Users\Frau Napalm\AppData\Roaming\inkscape
2013-12-29 11:23 - 2011-02-25 20:30 - 00000000 ____D C:\Users\Frau Napalm\AppData\Roaming\Winamp
2013-12-29 11:23 - 2009-12-01 16:47 - 00000000 ____D C:\Users\Frau Napalm
2013-12-29 11:22 - 2013-04-25 08:57 - 00000000 ____D C:\Users\Frau Napalm\AppData\Local\CrashDumps
2013-12-29 11:22 - 2009-12-01 16:55 - 00000000 ___DC C:\Users\Frau Napalm\AppData\Local\MigWiz
2013-12-29 11:22 - 2009-11-28 00:24 - 00000000 ____D C:\Windows\Panther
2013-12-29 11:12 - 2013-12-29 11:12 - 00002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-29 11:12 - 2013-12-29 11:11 - 00000000 ____D C:\Program Files\CCleaner
2013-12-29 11:10 - 2013-12-29 11:09 - 03571656 _____ (Piriform Ltd) C:\Users\Frau Napalm\Downloads\ccsetup409_slim.exe
2013-12-28 23:04 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-12-28 22:57 - 2011-05-11 09:35 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2013-12-28 22:54 - 2011-05-11 09:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2013-12-28 22:43 - 2011-05-11 09:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-28 10:38 - 2013-12-27 22:38 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2013-12-28 09:04 - 2013-12-28 09:04 - 00000000 ____D C:\Users\Frau Napalm\AppData\Roaming\AVAST Software
2013-12-27 23:49 - 2013-12-27 23:49 - 00000000 ____D C:\ProgramData\Oracle
2013-12-27 23:37 - 2013-12-27 23:37 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-27 23:36 - 2013-12-27 23:38 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-27 23:36 - 2013-12-27 23:37 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-27 23:36 - 2013-12-27 23:37 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-27 22:37 - 2013-03-29 22:16 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-27 22:37 - 2013-03-29 22:16 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-27 22:37 - 2013-03-29 22:16 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-27 22:37 - 2011-05-23 12:59 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-27 22:37 - 2011-05-23 12:59 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-27 22:37 - 2011-05-23 12:59 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-27 22:37 - 2011-05-23 12:59 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-27 22:37 - 2011-05-23 12:58 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-27 22:35 - 2011-05-23 12:59 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-12-27 22:35 - 2011-05-23 12:58 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-27 21:54 - 2013-12-27 21:54 - 00377856 _____ C:\Users\Frau Napalm\Desktop\gmer_2.1.19163.exe
2013-12-27 21:48 - 2013-12-27 21:48 - 00000000 ____D C:\FRST
2013-12-27 21:46 - 2013-12-27 21:46 - 00000000 _____ C:\Users\Frau Napalm\defogger_reenable
2013-12-27 21:44 - 2013-12-27 21:44 - 00050477 _____ C:\Users\Frau Napalm\Desktop\Defogger.exe
2013-12-26 23:52 - 2009-12-01 16:52 - 00001423 _____ C:\Users\Frau Napalm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-26 23:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-26 23:38 - 2013-12-26 23:38 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-26 23:38 - 2013-12-26 23:38 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-26 23:38 - 2013-12-26 23:38 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-26 23:38 - 2013-12-26 23:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-26 23:38 - 2013-12-26 23:38 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-26 23:38 - 2013-12-26 23:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-26 23:38 - 2013-12-26 23:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-26 23:38 - 2013-12-26 23:38 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-26 23:38 - 2013-12-26 23:38 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-26 23:38 - 2013-12-26 23:38 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-26 23:38 - 2013-12-26 23:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-26 23:38 - 2013-12-26 23:38 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-26 23:38 - 2013-12-26 23:38 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-26 23:38 - 2013-12-26 23:38 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-26 23:38 - 2013-12-26 23:38 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-26 23:38 - 2013-12-26 23:38 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-26 23:38 - 2013-12-26 23:38 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-26 23:38 - 2013-12-26 23:38 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-26 23:38 - 2013-12-26 23:38 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-26 23:38 - 2013-12-26 23:38 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-26 23:38 - 2013-12-26 23:38 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-26 23:04 - 2013-12-26 23:04 - 00000000 ____D C:\Users\Frau Napalm\AppData\Roaming\PDF Architect
2013-12-26 23:01 - 2013-12-26 23:01 - 00000000 ____D C:\Program Files\My Dell
2013-12-26 23:00 - 2010-12-10 16:36 - 00000000 ____D C:\Windows\pss
2013-12-26 23:00 - 2009-12-01 16:47 - 00000000 ___RD C:\Users\Frau Napalm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-26 22:57 - 2009-12-05 16:37 - 00004930 _____ C:\ProgramData\hpzinstall.log
2013-12-26 22:56 - 2010-12-03 16:50 - 00000000 ____D C:\Users\Frau Napalm\AppData\Roaming\Amazon
2013-12-26 22:56 - 2010-12-03 16:49 - 00000000 ____D C:\Program Files (x86)\Amazon
2013-12-26 11:40 - 2009-07-14 18:58 - 00651774 _____ C:\Windows\system32\perfh007.dat
2013-12-26 11:40 - 2009-07-14 18:58 - 00128814 _____ C:\Windows\system32\perfc007.dat
2013-12-26 11:40 - 2009-07-14 06:13 - 01492188 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-26 10:07 - 2013-09-30 21:05 - 00041749 _____ C:\Windows\system32\lvcoinst.log
2013-12-24 23:55 - 2013-09-02 16:12 - 00000000 ____D C:\Users\Frau Napalm\AppData\Roaming\RavensburgerTipToi
2013-12-24 23:48 - 2013-09-02 16:10 - 00000000 ____D C:\ProgramData\RavensburgerTipToi
2013-12-21 18:27 - 2013-12-08 10:51 - 00000000 ____D C:\Users\Frau Napalm\AppData\Roaming\KeePass
2013-12-21 18:25 - 2013-12-21 18:24 - 00002222 _____ C:\Users\Frau Napalm\Documents\PWDB.kdbx
2013-12-21 09:33 - 2013-12-21 09:33 - 00000000 ____D C:\Windows\System32\Tasks\2BrightSparks
2013-12-21 09:33 - 2013-12-21 09:33 - 00000000 ____D C:\Users\Frau Napalm\AppData\Roaming\2BrightSparks
2013-12-21 09:33 - 2013-12-21 09:33 - 00000000 ____D C:\Users\Frau Napalm\AppData\Local\2BrightSparks
2013-12-21 09:33 - 2013-12-21 09:33 - 00000000 ____D C:\Program Files (x86)\2BrightSparks
2013-12-21 08:34 - 2013-12-21 08:33 - 11436096 _____ (2BrightSparks Pte Ltd                                       ) C:\Users\Frau Napalm\Downloads\SyncBack_Setup.exe
2013-12-19 14:11 - 2011-05-23 12:59 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-19 10:49 - 2013-12-19 10:49 - 01154851 _____ C:\Users\Frau Napalm\Downloads\Adressliste Weihnachtskarte_Master_131216_v04 (1).xlsx
2013-12-19 10:19 - 2013-12-19 10:19 - 01154851 _____ C:\Users\Frau Napalm\Downloads\Adressliste Weihnachtskarte_Master_131216_v04.xlsx
2013-12-19 07:07 - 2012-03-20 13:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-18 10:59 - 2013-12-18 10:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-16 19:45 - 2013-11-07 09:15 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-16 19:45 - 2013-05-23 08:46 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-16 11:49 - 2013-11-25 10:36 - 00000000 ____D C:\Users\Frau Napalm\AppData\Local\Windows Live
2013-12-15 20:19 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-14 13:52 - 2013-08-13 22:59 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 13:48 - 2009-12-02 09:41 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-13 10:12 - 2009-11-27 15:56 - 00000000 ____D C:\ProgramData\PCDr
2013-12-12 08:53 - 2013-12-11 12:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-12 08:48 - 2013-09-30 20:20 - 00569248 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 19:45 - 2013-12-11 19:45 - 00002174 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-11 19:45 - 2009-12-02 11:14 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-11 14:12 - 2013-01-12 10:33 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 14:12 - 2012-03-30 06:35 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 14:12 - 2011-05-17 19:11 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-10 19:05 - 2013-12-10 19:05 - 00000000 ____D C:\Users\Frau Napalm\Downloads\Herbstliebe Schnitte 10.12
2013-12-08 09:01 - 2013-12-08 09:01 - 00000187 _____ C:\Users\Frau Napalm\Documents\NickMichelsPWs.key
2013-12-08 08:55 - 2013-12-08 08:55 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2013-12-06 10:36 - 2013-10-20 21:48 - 00182960 _____ C:\Users\Frau Napalm\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-05 21:59 - 2013-12-05 21:59 - 00022617 _____ C:\Users\Frau Napalm\Downloads\what_fish.zip

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.4560.dll


Some content of TEMP:
====================
C:\Users\Frau Napalm\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-31 10:34

==================== End Of Log ============================
--- --- ---

--- --- ---


und FRST addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2014
Ran by Frau Napalm at 2014-01-04 11:33:17
Running from C:\Users\Frau Napalm\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (x32 Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.3 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (x32 Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (x32 Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.615 - Adobe Systems, Inc.)
Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Amazon Kindle (x32 Version:  - Amazon)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C5200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
C5200_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
CameraHelperMsi (x32 Version: 13.30.1395.0 - Logitech) Hidden
CCleaner (Version: 4.09 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Corel Paint Shop Pro X (x32 Version: 10.10 - Corel Inc)
Corel Painter Photo Essentials 4 (x32 Version:  - Corel Corporation)
Corel Painter Photo Essentials 4 (x32 Version: 4.0 - Corel Corporation) Hidden
Corel PaintShop Pro X5 (x32 Version: 15.0.0.183 - Corel Corporation)
Corel PaintShop Pro X5 (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
Corel VideoStudio 12 (x32 Version: 12.0.0.0000 - Corel Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Dock (Version: 2.0.0 - Dell)
Dell Getting Started Guide (x32 Version: 1.00.0000 - Dell Inc.)
Dell Wireless WLAN Card Utility (Version: 5.30.21.0 - Dell Inc.)
Designer 2.0 (x32 Version: 7.8.2 - Fomanu AG)
DesignPro 5 (x32 Version: 5.5.708 - Avery Dennison)
DesignPro 5 (x32 Version: 5.5.708 - Avery Dennison) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (October 2004) (x32 Version: 9.02.3900 - Microsoft) Hidden
dm-Fotowelt (x32 Version: 5.1.2 - CEWE COLOR AG u Co. OHG)
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKCU Version: 2.0.22 - Dropbox, Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Facebook Plug-In (HKCU Version:  - Facebook, Inc.)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
FontPage 3.0.0 (x32 Version:  - Bluefive software)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
FreeCommander 2009.02 (x32 Version: 2009.02 - Marek Jasinski)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (Version: 3.5 - HP)
HP Product Detection (x32 Version: 11.14.0001 - HP)
HP Smart Web Printing 4.60 (Version: 4.60 - HP)
HP Solution Center 13.0 (Version: 13.0 - HP)
HP Update (x32 Version: 5.005.000.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
ICA (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
Inkscape 0.48.2 (x32 Version: 0.48.2 - )
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1930 - Intel Corporation)
IPM_PSP_COM (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
IrfanView (remove only) (x32 Version: 4.36 - Irfan Skiljan)
Japanese Fonts Support For Adobe Reader 9 (x32 Version: 9.0.0 - Adobe Systems Incorporated)
Java 7 Update 25 (64-bit) (Version: 7.0.250 - Oracle)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
KeePass Password Safe 2.24 (x32 Version: 2.24 - Dominik Reichl)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
LeapFrog Connect (x32 Version: 5.0.20.17316 - LeapFrog)
LeapFrog Connect (x32 Version: 5.0.20.17316 - LeapFrog) Hidden
LeapFrog My Pals Plugin (x32 Version: 5.0.19.17305 - LeapFrog) Hidden
LibreOffice 3.3 (x32 Version: 3.3.6 - LibreOffice)
Licensing Service Install (x32 Version: 2.0.1.181 - Protexis Inc.)
Logitech Vid HD (x32 Version: 7.2 (7230) - Logitech Inc..)
Logitech Webcam Software (x32 Version: 2.0 - Logitech Inc.)
LWS Facebook (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.30.1396.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.30.1395.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.30.1346.0 - Logitech) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word 2003 (x32 Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x32 Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++  Compilers 2010 Standard - enu - x64 (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++  Compilers 2010 Standard - enu - x86 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.40303 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Works (x32 Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0 (x86 de) (x32 Version: 27.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 27.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MyPhoneExplorer (x32 Version: 1.8.2 - F.J. Wechselberger)
Nero 9 Lite (x32 Version:  - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.31.100 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
No23 Recorder (x32 Version: 2.1.0.3 - No23)
No23 Recorder (x32 Version: 2.1.0.3 - No23) Hidden
OCR Software by I.R.I.S. 13.0 (Version: 13.0 - HP)
OnlineFotoservice (x32 Version:  - )
OpenAL (x32 Version:  - )
Opera 12.16 (x32 Version: 12.16.1860 - Opera Software ASA)
PC Connectivity Solution (x32 Version: 11.4.21.0 - Nokia)
PDF24 Creator 5.2.0 (x32 Version:  - PDF24.org)
PDFCreator (x32 Version: 1.7.1 - pdfforge)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PhotoFiltre Studio X (HKCU Version:  - )
Picasa 3 (x32 Version: 3.8 - Google, Inc.)
Pidgin (x32 Version: 2.7.10 - )
Portrait Professional 9.8 Test (x32 Version: 9.8 - Anthropics Technology Ltd.)
PrivaZer (HKCU Version: 2.3.2.0 - Goversoft LLC)
PS_AIO_02_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PSPPContent (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
PSPPro64 (Version: 15.0.0.183 - Corel Corporation) Hidden
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Ravensburger tiptoi (x32 Version:  - )
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5864 - Realtek Semiconductor Corp.)
SAMSUNG Intelli-studio (x32 Version:  - )
Samsung Kies (x32 Version: 2.1.0.11112_41 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.1.0.11112_41 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.) Hidden
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Scan2PDF 1.6 (x32 Version:  - Koma-Code)
Setup (x32 Version: 15.0.0.183 - Ihr Firmenname) Hidden
Skype™ 6.3 (x32 Version: 6.3.107 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (x32 Version: 3.0.5.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (x32 Version: 3.0.5.0 - SmartSound Software Inc) Hidden
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spotify (HKCU Version: 0.9.6.81.gd359a796 - Spotify AB)
spotimote (x32 Version:  - )
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
StreamTransport version: 1.0.2.2171 (x32 Version:  - )
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
SyncBackFree (x32 Version: 6.5.15.0 - 2BrightSparks)
Tinypic 3.14 (x32 Version: Tinypic 3.14 - E. Fiedler)
TomTom HOME (x32 Version: 2.9.5 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (x32 Version: 1.0.2 - TomTom International B.V.)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) (x32 Version:  - LeapFrog)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VideoStudio (x32 Version: 12.0.0.0000 - Corel Corporation) Hidden
WCF RIA Services V1.0 SP1 (x32 Version: 4.1.60114.0 - Microsoft Corporation)
WD My Cloud (Version: 1.0.3.12 - Western Digital Technologies, Inc.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (x32 Version: 5.621  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (x32 Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
Windows XP Mode (Version: 1.3.7600.16422 - Microsoft Corporation)
WinRAR 5.00 (64-bit) (Version: 5.00.0 - win.rar GmbH)
WinSCP 4.3.6 (x32 Version: 4.3.6 - Martin Prikryl)

==================== Restore Points  =========================

01-01-2014 13:53:14 ComboFix created restore point
03-01-2014 11:22:01 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2014-01-01 15:16 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {2ACF5B5D-B82D-4AFF-AEDD-0EB50FAC3812} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {7EA87AED-88FF-4213-9648-D36D99E41A54} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {8382C490-79CA-4342-B415-34052C99C3AB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-27] (AVAST Software)
Task: {8AEE50AD-F7CE-41FE-9BBD-2FD99F4A8DC0} - System32\Tasks\{6F2699AB-9FD4-4568-8935-781373982B0D} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-04-19] (Skype Technologies S.A.)
Task: {BC403EC4-FAA9-44F6-B5EB-26056D955977} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-02] (Google Inc.)
Task: {DB6ACFF3-657B-4A90-A8EF-014CD7D7BFF1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-02] (Google Inc.)
Task: {F4F1CB02-6ED0-4981-BF94-A366CCCCCBF4} - System32\Tasks\WIN-4OG2H4F0TO3\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-11-27 15:46 - 2009-07-17 18:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2014-01-03 20:32 - 2014-01-03 19:28 - 02152960 _____ () C:\Program Files\AVAST Software\Avast\defs\14010300\algo.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\Frau Napalm\AppData\Roaming\Dropbox\bin\libcef.dll
2013-12-27 22:37 - 2013-12-27 22:37 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-12-05 08:50 - 2013-12-04 03:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 08:50 - 2013-12-04 03:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 08:50 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 08:50 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 08:50 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-05 08:50 - 2013-12-04 03:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1505 Draft 802.11n WLAN Mini-Card
Description: Dell Wireless 1505 Draft 802.11n WLAN Mini-Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (01/04/2014 11:28:55 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-01-01 15:15:25.448
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-01-01 15:15:25.292
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 55%
Total physical RAM: 4085.18 MB
Available physical RAM: 1835.81 MB
Total Pagefile: 8168.53 MB
Available Pagefile: 5605.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:455.53 GB) (Free:19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A0000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=456 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Alt 05.01.2014, 11:43   #10
schrauber
/// the machine
/// TB-Ausbilder
 
Win7: Explorer braucht 1,7GB von 4GB RAM, PC wird extrem langsam - Standard

Win7: Explorer braucht 1,7GB von 4GB RAM, PC wird extrem langsam



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Win7: Explorer braucht 1,7GB von 4GB RAM, PC wird extrem langsam
anhang, arbeitsspeicher, brauch, erklärung, explorer, extrem, festgestellt, festplatte, gekauft, gestellt, kurzer, langsam, lokale, lokalen, netzwerk, nutzung, platte, probleme, punkt, ram, rechner, tagen, virus, win, win7


« Mein Antiviren Programm schlägt ALARM! | Windows 7: GPU-Auslatung immer bei 98% »


Ähnliche Themen: Win7: Explorer braucht 1,7GB von 4GB RAM, PC wird extrem langsam


  1. Internet wird extrem langsam / Ereignislog - TCP, Vecna scan, syn flood
    Plagegeister aller Art und deren Bekämpfung - 03.06.2015 (1)
  2. WIN7 Suchanfragen werden auf Werbesuchseiten umgeleitet, Laptop bootet extrem langsam
    Log-Analyse und Auswertung - 02.06.2015 (23)
  3. [Win7.64bit] svchost.exe (netscvs) braucht mehr als 1GB Ram - Rechner dadurch langsam
    Log-Analyse und Auswertung - 20.05.2015 (28)
  4. WIN7 Laptop extrem langsam; FRST#1 logfile im Post
    Plagegeister aller Art und deren Bekämpfung - 12.04.2015 (16)
  5. Win 8, Chrome extrem langsam und about:blank wird geöffnet
    Log-Analyse und Auswertung - 12.09.2014 (19)
  6. WIN7 Extrem langsam!
    Alles rund um Windows - 31.01.2014 (23)
  7. Win7 PC Systhem extrem langsam - möglicherweise Trojaner
    Log-Analyse und Auswertung - 15.01.2014 (12)
  8. Systemstart (Win7) extrem langsam
    Plagegeister aller Art und deren Bekämpfung - 31.10.2013 (18)
  9. PC (Win7) plötzlich extrem langsam
    Log-Analyse und Auswertung - 04.02.2013 (18)
  10. Pc/Internet wird nach einiger Zeit extrem langsam
    Plagegeister aller Art und deren Bekämpfung - 26.08.2012 (1)
  11. PC wird mit Internetverbindung extrem langsam
    Plagegeister aller Art und deren Bekämpfung - 19.08.2012 (4)
  12. Explorer extrem langsam/TR noch vorhanden?
    Log-Analyse und Auswertung - 06.07.2012 (9)
  13. Google wird umgeleitet, Browser extrem langsam, Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 27.05.2012 (7)
  14. Internet wird extrem langsam (von 1,5MB auf 100-200KB) Logfile vorhanden
    Log-Analyse und Auswertung - 21.10.2011 (1)
  15. Explorer läd Seiten extrem langsam!
    Log-Analyse und Auswertung - 01.09.2011 (8)
  16. Windows Explorer langsam/ Rechner extrem lansam
    Log-Analyse und Auswertung - 28.07.2009 (9)
  17. Rechner ist extrem langsam und explorer.exe stürzt immer ab
    Log-Analyse und Auswertung - 06.02.2007 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Win7: Explorer braucht 1,7GB von 4GB RAM, PC wird extrem langsam - Hallo, mein Rechner ist seit einigen Tagen extrem langsam. Nah kurzer Recherche habe ich festgestellt, dass der Explorer extrem viel Arbeitsspeicher verwendet. Virus oder Windows-Problem? Mögliche Erklärung wäre höchstens die - Win7: Explorer braucht 1,7GB von 4GB RAM, PC wird extrem langsam...
Archiv
Du betrachtest: Win7: Explorer braucht 1,7GB von 4GB RAM, PC wird extrem langsam auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58