
Log analysis and evaluation: Win7, A1 Rechnung #438192 von 05-02-14

10.02.2014, 21:01   #1
wauzz132
 



Hello everyone,
In the e-mail she received (see subject line), my girlfriend unfortunately clicked "by mistake" on the attachment "quittung2014.05.02.rtf", whereupon an Excel file opened with a message along the lines of "double-click to display", but after the double-click nothing happened.
After that I started an avast scan, which found 3 infected items, and then, after a restart and the recommended scan before the full boot, 34 infected items, all of which were moved to quarantine. Unfortunately I cannot find any logs for this.

Please help.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:25 on 10/02/2014 (Emanuel Standard)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         


Many thanks in advance

10.02.2014, 21:35   #2
schrauber
/// the machine
/// TB instructor
 




Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.


This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

10.02.2014, 21:48   #3
wauzz132
 



Hi,
ok, when previewing the previous post, a notice appeared automatically saying that the logs should be attached as an archive.


FRST Logfile:


Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014
Ran by Emanuel (ATTENTION: The logged in user is not administrator) on EMANUEL-PC on 10-02-2014 20:28:31
Running from C:\Users\Emanuel\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
() C:\Windows\PLFSetI.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
() C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) C:\Program Files (x86)\A1 Dashboard\Dashboard.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\PMMdatamgr.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7940128 2009-07-06] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [824352 2009-08-29] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-08-06] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2008-01-15] ()
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [825864 2009-08-17] (Dritek System Inc.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-31] (AVAST Software)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)
HKLM-x32\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\d5e90d31-366b-4056-8be5-d7ebddceb493.exe /check [181136 2014-01-26] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-260493348-4011631922-2919077809-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-18] (Google Inc.)
HKU\S-1-5-21-260493348-4011631922-2919077809-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-260493348-4011631922-2919077809-1000\...\MountPoints2: D - D:\Autorun.exe
HKU\S-1-5-21-260493348-4011631922-2919077809-1000\...\MountPoints2: E - E:\Windows/AutoRun.exe
HKU\S-1-5-21-260493348-4011631922-2919077809-1000\...\MountPoints2: {52c1f3f7-e2fc-11e1-8275-001e6425277c} - D:\Autorun.exe
HKU\S-1-5-21-260493348-4011631922-2919077809-1000\...\MountPoints2: {c44e7087-f153-11de-b4a5-00269e6d05dc} - E:\LaunchU3.exe -a
HKU\S-1-5-21-260493348-4011631922-2919077809-1000\...\MountPoints2: {d42440c1-8fde-11e3-9d5a-00269e6d05dc} - E:\LaunchU3.exe -a
Startup: C:\Users\Emanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=aspire_1810tz&r=273612090006l03e3z175t4861a37o
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {3D3B42C2-11BF-4732-A304-A01384B70D68} hxxp://picasaweb.google.at/s/v/66.30/uploader2.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{85F828BB-E1B6-4D1B-B9C0-272561C1F5CF}: [NameServer]194.48.139.254 194.48.128.199

FireFox:
========
FF ProfilePath: C:\Users\Emanuel\AppData\Roaming\Mozilla\Firefox\Profiles\qd05e0jn.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-08]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Skype Click to Call) - C:\Users\Emanuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-04-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-31] (AVAST Software)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1024384 2013-01-14] (Enigma Software Group USA, LLC.)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-31] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-23] ()
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [123648 2010-12-03] (D-Link Incorporated)
S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [123648 2010-12-03] (D-Link Incorporated)
S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [123648 2010-12-03] (D-Link Incorporated)
S3 int15.sys; C:\Windows\System32\OEM\Factory\int15.sys [17952 2008-03-28] (Acer, Inc.)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-10 20:28 - 2014-02-10 20:29 - 00016973 _____ () C:\Users\Emanuel\Desktop\FRST.txt
2014-02-10 20:27 - 2014-02-10 20:28 - 00000000 ____D () C:\FRST
2014-02-10 20:27 - 2014-02-10 20:27 - 02150400 _____ (Farbar) C:\Users\Emanuel\Desktop\FRST64.exe
2014-02-10 20:25 - 2014-02-10 20:25 - 00000494 _____ () C:\Users\Emanuel\Desktop\defogger_disable.log
2014-02-10 20:25 - 2014-02-10 20:25 - 00000000 _____ () C:\Users\Emanuel Standard\defogger_reenable
2014-02-10 20:24 - 2014-02-10 20:25 - 00050477 _____ () C:\Users\Emanuel\Downloads\Defogger.exe
2014-02-09 20:38 - 2014-02-09 20:38 - 00000000 ____D () C:\Users\Emanuel\AppData\Local\CrashDumps
2014-02-09 19:15 - 2014-02-09 19:16 - 00014848 _____ () C:\Users\Emanuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\Documents\Corel PaintShop Pro
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Ulead Systems
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Corel
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\AppData\Local\Corel PaintShop Pro
2014-02-09 19:08 - 2014-02-09 19:08 - 00000000 ____D () C:\Users\Emanuel Standard\Documents\Corel PaintShop Pro
2014-02-09 19:08 - 2014-02-09 19:08 - 00000000 ____D () C:\Users\Emanuel Standard\AppData\Roaming\Ulead Systems
2014-02-09 19:08 - 2014-02-09 19:08 - 00000000 ____D () C:\Users\Emanuel Standard\AppData\Local\Corel PaintShop Pro
2014-02-09 19:07 - 2014-02-09 19:07 - 00000000 ____D () C:\ProgramData\Corel
2014-02-09 19:04 - 2014-02-09 19:04 - 00000000 ____D () C:\Program Files (x86)\Corel
2014-01-31 19:54 - 2014-01-31 19:54 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-19 20:19 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-19 20:19 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-19 20:19 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-01-19 20:19 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-01-19 20:19 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-19 20:19 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-01-19 20:19 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-19 20:19 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-19 20:19 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-19 20:19 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-19 20:19 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-19 20:19 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-19 20:19 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-01-19 20:19 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-01-19 20:19 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-19 20:19 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-19 20:19 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-01-19 20:19 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-19 20:19 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-19 20:19 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-01-19 20:19 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-01-19 20:19 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-19 20:19 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-19 20:19 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-01-19 20:19 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-01-19 20:19 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-19 20:19 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-19 20:19 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-19 20:19 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-19 20:19 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-01-19 20:19 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-01-19 17:27 - 2014-01-19 17:27 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-19 17:06 - 2014-01-19 17:16 - 00000000 ____D () C:\Program Files (x86)\PDF Blender
2014-01-19 17:05 - 2014-01-19 17:06 - 00599173 _____ () C:\Users\Emanuel\Downloads\PDFBlenderSetup1.1.2(1).exe
2014-01-19 17:05 - 2014-01-19 17:05 - 00599173 _____ () C:\Users\Emanuel\Downloads\PDFBlenderSetup1.1.2.exe
2014-01-19 03:24 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-01-19 03:17 - 2014-01-19 03:17 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-01-19 03:17 - 2014-01-19 03:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-01-19 03:17 - 2014-01-19 03:17 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-01-19 03:17 - 2014-01-19 03:17 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-01-19 03:17 - 2014-01-19 03:17 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-01-19 03:17 - 2014-01-19 03:17 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-01-19 03:17 - 2014-01-19 03:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-01-16 21:08 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 21:08 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 21:08 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 21:08 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 21:08 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 21:08 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 21:08 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 21:08 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 21:08 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2014-02-10 20:29 - 2014-02-10 20:28 - 00016973 _____ () C:\Users\Emanuel\Desktop\FRST.txt
2014-02-10 20:28 - 2014-02-10 20:27 - 00000000 ____D () C:\FRST
2014-02-10 20:28 - 2009-12-21 08:33 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Skype
2014-02-10 20:27 - 2014-02-10 20:27 - 02150400 _____ (Farbar) C:\Users\Emanuel\Desktop\FRST64.exe
2014-02-10 20:25 - 2014-02-10 20:25 - 00000494 _____ () C:\Users\Emanuel\Desktop\defogger_disable.log
2014-02-10 20:25 - 2014-02-10 20:25 - 00000000 _____ () C:\Users\Emanuel Standard\defogger_reenable
2014-02-10 20:25 - 2014-02-10 20:24 - 00050477 _____ () C:\Users\Emanuel\Downloads\Defogger.exe
2014-02-10 20:25 - 2012-08-09 19:16 - 00000000 ____D () C:\Users\Emanuel Standard
2014-02-10 20:05 - 2012-09-22 18:32 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-10 20:03 - 2012-08-15 20:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-10 20:02 - 2013-02-08 21:35 - 01301016 _____ () C:\Windows\WindowsUpdate.log
2014-02-10 19:05 - 2012-09-22 18:32 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-10 18:30 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-10 18:30 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-10 18:27 - 2009-07-14 06:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-10 18:27 - 2008-01-15 17:47 - 00654400 _____ () C:\Windows\system32\perfh007.dat
2014-02-10 18:27 - 2008-01-15 17:47 - 00130240 _____ () C:\Windows\system32\perfc007.dat
2014-02-10 18:23 - 2013-02-08 21:33 - 00020724 _____ () C:\Windows\setupact.log
2014-02-10 18:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-09 20:38 - 2014-02-09 20:38 - 00000000 ____D () C:\Users\Emanuel\AppData\Local\CrashDumps
2014-02-09 20:02 - 2010-02-03 22:52 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\U3
2014-02-09 19:16 - 2014-02-09 19:15 - 00014848 _____ () C:\Users\Emanuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\Documents\Corel PaintShop Pro
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Ulead Systems
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Corel
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\AppData\Local\Corel PaintShop Pro
2014-02-09 19:08 - 2014-02-09 19:08 - 00000000 ____D () C:\Users\Emanuel Standard\Documents\Corel PaintShop Pro
2014-02-09 19:08 - 2014-02-09 19:08 - 00000000 ____D () C:\Users\Emanuel Standard\AppData\Roaming\Ulead Systems
2014-02-09 19:08 - 2014-02-09 19:08 - 00000000 ____D () C:\Users\Emanuel Standard\AppData\Local\Corel PaintShop Pro
2014-02-09 19:07 - 2014-02-09 19:07 - 00000000 ____D () C:\ProgramData\Corel
2014-02-09 19:04 - 2014-02-09 19:04 - 00000000 ____D () C:\Program Files (x86)\Corel
2014-02-05 23:24 - 2013-03-09 21:00 - 00093982 _____ () C:\Windows\PFRO.log
2014-02-05 17:03 - 2012-03-29 20:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 17:03 - 2011-05-17 21:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-31 19:54 - 2014-01-31 19:54 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-31 19:53 - 2013-12-23 15:49 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-31 19:53 - 2013-02-08 23:55 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-31 19:53 - 2013-02-08 23:54 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-31 19:53 - 2013-02-08 23:54 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-31 19:53 - 2013-02-08 23:54 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-31 19:53 - 2010-11-27 23:17 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-31 19:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-01-20 20:56 - 2013-12-15 20:17 - 00000000 ____D () C:\Users\Emanuel\Documents\Bewerbung
2014-01-20 18:45 - 2011-12-06 19:58 - 00000000 ____D () C:\Program Files (x86)\D-Link Connection Manager
2014-01-19 17:27 - 2014-01-19 17:27 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-19 17:16 - 2014-01-19 17:06 - 00000000 ____D () C:\Program Files (x86)\PDF Blender
2014-01-19 17:06 - 2014-01-19 17:05 - 00599173 _____ () C:\Users\Emanuel\Downloads\PDFBlenderSetup1.1.2(1).exe
2014-01-19 17:05 - 2014-01-19 17:05 - 00599173 _____ () C:\Users\Emanuel\Downloads\PDFBlenderSetup1.1.2.exe
2014-01-19 12:27 - 2011-07-25 17:53 - 00001425 _____ () C:\Users\Emanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-19 12:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-01-19 03:24 - 2013-12-07 18:25 - 00130254 _____ () C:\Windows\IE11_main.log
2014-01-19 03:17 - 2014-01-19 03:17 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-01-19 03:17 - 2014-01-19 03:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-01-19 03:17 - 2014-01-19 03:17 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-01-19 03:17 - 2014-01-19 03:17 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-01-19 03:17 - 2014-01-19 03:17 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-01-19 03:17 - 2014-01-19 03:17 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-01-19 03:17 - 2014-01-19 03:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-01-17 20:29 - 2009-07-14 05:45 - 00369056 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-16 22:22 - 2013-07-31 06:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 22:18 - 2009-12-21 08:35 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Emanuel\AppData\Local\Temp\install_flashplayer11x32axau_gtbp_chra_aih.exe
C:\Users\Emanuel\AppData\Local\Temp\install_flashplayer12x32au_mssa_awe_aih.exe
C:\Users\Emanuel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Emanuel Standard\AppData\Local\Temp\RHSetup.exe
C:\Users\Emanuel Standard\AppData\Local\Temp\SHSetup.exe
C:\Users\Emanuel Standard\AppData\Local\Temp\{A3658197-9B1B-434A-9AD6-1D59F528E086}-24.0.1312.57_chrome_installer.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         



Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-02-2014
Ran by Emanuel at 2014-02-10 20:29:46
Running from C:\Users\Emanuel\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

A1 Dashboard (x32 Version: 1.16.1.0 - A1 Telekom Austria AG)
A1 Dashboard (x32 Version: 1.16.1.0 - A1 Telekom Austria AG) Hidden
Acer Crystal Eye webcam Ver:1.1.95.714 (x32 Version: 1.1.95.714 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (x32 Version: 4.05.3003 - Acer Incorporated)
Acer eRecovery Management (x32 Version: 4.05.3003 - Acer Incorporated)
Acer GridVista (x32 Version: 3.01.0730 - Acer Inc.)
Acer Registration (x32 Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (x32 Version: 1.06.0804 - Acer Incorporated)
Acer Updater (x32 Version: 1.01.3014 - Acer Incorporated)
Acer VCM (x32 Version: 4.05.3000 - Acer Incorporated)
Acrobat.com (x32 Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.1280 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.1280 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (x32 Version: 1.2.17.05001 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.17.05001 - Alcor Micro Corp.) Hidden
aonUpdate (x32 Version:  - Telekom Austria TA AG)
aonUpdate (x32 Version: 1.3 - Telekom Austria TA AG) Hidden
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.5 - Atheros Communications Inc.)
avast! Free Antivirus (x32 Version: 9.0.2013 - Avast Software)
CCleaner (Version: 3.21 - Piriform)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Corel PaintShop Pro X5 (x32 Version: 15.0.0.183 - Corel Corporation)
Corel PaintShop Pro X5 (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
Direkt Foto System 3.x (x32 Version:  - )
D-Link Connection Manager (x32 Version: 1.0.0.1 - Global Digital)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
FLV Player 2.0 (build 25) (x32 Version: 2.0 (build 25) - Martijn de Visser)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (x32 Version:  - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Google+ Auto Backup (x32 Version: 1.0.21.81 - Google)
ICA (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
Identity Card (x32 Version: 1.00.3001 - Acer Incorporated)
Intel(R) Graphics Media Accelerator Driver (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (Version:  - Intel Corporation)
IPM_PSP_COM (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
Java 7 Update 25 (x32 Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (x32 Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Launch Manager (x32 Version: 3.0.02 - Acer Inc.)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (x32 Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MyWinLocker (x32 Version: 3.1.72.0 - Egis Technology Inc.)
Notepad++ (x32 Version: 5.9.3 - )
OpenOffice.org 3.3 (x32 Version: 3.3.9567 - OpenOffice.org)
PDF24 Creator 6.2.0 (x32 Version:  - PDF24.org)
Picasa 3 (x32 Version: 3.9 - Google, Inc.)
PSPPContent (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
PSPPro64 (Version: 15.0.0.183 - Corel Corporation) Hidden
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5888 - Realtek Semiconductor Corp.)
Setup (x32 Version: 15.0.0.183 - Ihr Firmenname) Hidden
Skype Click to Call (x32 Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
SoulSeek Client 156c (x32 Version:  - )
SpyHunter (Version: 4.12.13.4202 - Enigma Software Group USA, LLC)
Synaptics Pointing Device Driver (Version: 13.2.2.0 - Synaptics Incorporated)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
VLC media player 2.0.8 (x32 Version: 2.0.8 - VideoLAN)
Welcome Center (x32 Version: 1.00.3005 - Acer Incorporated)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.00 (32-bit) (x32 Version: 5.00.0 - win.rar GmbH)
Zattoo4 4.0.5 (x32 Version: 4.0.5 - Zattoo Inc.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Loaded Modules (whitelisted) =============

2011-07-18 22:04 - 2011-07-18 22:04 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2008-01-15 09:02 - 2008-01-15 09:02 - 00200704 _____ () C:\Windows\PLFSetI.exe
2011-12-06 19:58 - 2010-12-03 20:24 - 00128288 _____ () C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
2013-12-07 18:44 - 2013-12-07 18:44 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-01-17 16:19 - 2011-10-30 17:55 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2010-11-19 18:45 - 2011-10-30 17:55 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
2010-09-03 18:37 - 2010-09-03 18:37 - 01097728 _____ () C:\Program Files (x86)\A1 Dashboard\NDISAPI.DLL
2010-08-19 18:32 - 2010-08-19 18:32 - 00086016 _____ () C:\Program Files (x86)\A1 Dashboard\resetregistry.dll
2011-04-18 08:16 - 2011-04-18 08:16 - 01421824 _____ () C:\Program Files (x86)\A1 Dashboard\Skins\A1\A1Skin.dbskin

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:661DFA1C
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/09/2014 08:38:02 PM) (Source: Application Error) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm Creative_Collection.exe wurde wegen dieses Fehlers geschlossen.

Programm: Creative_Collection.exe
Datei: 

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
	- diese sich im Netzwerk befindet, 
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
	- diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. 
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: C0000098
Datenträgertyp: 0

Error: (02/09/2014 08:38:02 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Creative_Collection.exe, Version: 0.0.0.0, Zeitstempel: 0x482518da
Name des fehlerhaften Moduls: Creative_Collection.exe, Version: 0.0.0.0, Zeitstempel: 0x482518da
Ausnahmecode: 0xc0000006
Fehleroffset: 0x0004457f
ID des fehlerhaften Prozesses: 0x15a8
Startzeit der fehlerhaften Anwendung: 0xCreative_Collection.exe0
Pfad der fehlerhaften Anwendung: Creative_Collection.exe1
Pfad des fehlerhaften Moduls: Creative_Collection.exe2
Berichtskennung: Creative_Collection.exe3

Error: (02/09/2014 07:08:16 PM) (Source: MsiInstaller) (User: Emanuel-PC)
Description: Product: ICA -- Error 1309.Error reading from file: f:\paintshop pro x5\Lang\PL\Required\Help.htm.  System error 3.  Verify that the file exists and that you can access it.

Error: (02/09/2014 07:01:23 PM) (Source: MsiInstaller) (User: Emanuel-PC)
Description: Product: Setup -- 1: Setup.msi: This installation cannot be run by directly launching the MSI package. You must run setup.exe.

Error: (02/05/2014 11:56:23 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/05/2014 11:56:23 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/05/2014 11:56:23 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/05/2014 11:56:23 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/05/2014 11:55:52 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (01/31/2014 06:59:47 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (02/10/2014 07:13:22 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (02/10/2014 07:13:22 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (02/10/2014 06:23:25 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (02/09/2014 11:23:55 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/09/2014 11:03:37 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (02/09/2014 09:37:57 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (02/09/2014 08:02:11 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR7 gefunden.

Error: (02/09/2014 08:02:09 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR7 gefunden.

Error: (02/09/2014 07:31:59 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.

Error: (02/09/2014 07:31:57 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.


Microsoft Office Sessions:
=========================
Error: (02/09/2014 08:38:02 PM) (Source: Application Error)(User: )
Description: Creative_Collection.exeC00000980

Error: (02/09/2014 08:38:02 PM) (Source: Application Error)(User: )
Description: Creative_Collection.exe0.0.0.0482518daCreative_Collection.exe0.0.0.0482518dac00000060004457f15a801cf25c34582d721F:\Paintshop Pro X5\CD2\CreativeCollection\Creative_Collection.exeF:\Paintshop Pro X5\CD2\CreativeCollection\Creative_Collection.exeafa8fd72-91c1-11e3-9d5a-00269e6d05dc

Error: (02/09/2014 07:08:16 PM) (Source: MsiInstaller)(User: Emanuel-PC)
Description: Product: ICA -- Error 1309.Error reading from file: f:\paintshop pro x5\Lang\PL\Required\Help.htm.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/09/2014 07:01:23 PM) (Source: MsiInstaller)(User: Emanuel-PC)
Description: Product: Setup -- 1: Setup.msi: This installation cannot be run by directly launching the MSI package. You must run setup.exe. (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/05/2014 11:56:23 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe

Error: (02/05/2014 11:56:23 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe

Error: (02/05/2014 11:56:23 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe

Error: (02/05/2014 11:56:23 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe

Error: (02/05/2014 11:55:52 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\hartlauerfotoservice3\DelZip179.dllc:\program files (x86)\hartlauerfotoservice3\DelZip179.dll8

Error: (01/31/2014 06:59:47 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe


==================== Memory info =========================== 

Percentage of memory in use: 58%
Total physical RAM: 1978.91 MB
Available physical RAM: 816.98 MB
Total Pagefile: 3957.83 MB
Available Pagefile: 2312.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:220.79 GB) (Free:126.66 GB) NTFS
Drive d: (A1 Dashboard) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         

Alt 10.02.2014, 21:52   #4
wauzz132
 

GMER part 1

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-10 20:46:41
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.FBEO 232,89GB
Running: jcm3f2xb.exe; Driver: C:\Users\EMANUE~1\AppData\Local\Temp\kxliyfog.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                    0000000077a91360 5 bytes JMP 0000000149a00460
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                             0000000077a913b0 5 bytes JMP 0000000149a00450
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                             0000000077a91510 5 bytes JMP 0000000149a00370
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                  0000000077a91560 5 bytes JMP 0000000149a00470
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                        0000000077a91570 5 bytes JMP 0000000149a003e0
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                             0000000077a91620 5 bytes JMP 0000000149a00320
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                      0000000077a91650 5 bytes JMP 0000000149a003b0
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                         0000000077a91670 5 bytes JMP 0000000149a00390
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                               0000000077a916b0 5 bytes JMP 0000000149a002e0
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                             0000000077a91730 5 bytes JMP 0000000149a002d0
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                           0000000077a91750 5 bytes JMP 0000000149a00310
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                            0000000077a91790 5 bytes JMP 0000000149a003c0
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                         0000000077a917e0 5 bytes JMP 0000000149a003f0
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                            0000000077a91940 5 bytes JMP 0000000149a00230
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                 0000000077a91b00 5 bytes JMP 0000000149a00480
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                0000000077a91b30 5 bytes JMP 0000000149a003a0
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                         0000000077a91c10 5 bytes JMP 0000000149a002f0
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                      0000000077a91c20 5 bytes JMP 0000000149a00350
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                            0000000077a91c80 5 bytes JMP 0000000149a00290
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                         0000000077a91d10 5 bytes JMP 0000000149a002b0
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                          0000000077a91d30 5 bytes JMP 0000000149a003d0
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                             0000000077a91d40 5 bytes JMP 0000000149a00330
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                      0000000077a91db0 5 bytes JMP 0000000149a00410
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                         0000000077a91de0 5 bytes JMP 0000000149a00240
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                              0000000077a920a0 5 bytes JMP 0000000149a001e0
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                         0000000077a92160 5 bytes JMP 0000000149a00250
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                         0000000077a92190 5 bytes JMP 0000000149a00490
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                0000000077a921a0 5 bytes JMP 0000000149a004a0
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                           0000000077a921d0 5 bytes JMP 0000000149a00300
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                        0000000077a921e0 5 bytes JMP 0000000149a00360
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                              0000000077a92240 5 bytes JMP 0000000149a002a0
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                           0000000077a92290 5 bytes JMP 0000000149a002c0
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                              0000000077a922c0 5 bytes JMP 0000000149a00380
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                               0000000077a922d0 5 bytes JMP 0000000149a00340
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                        0000000077a925c0 5 bytes JMP 0000000149a00440
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                       0000000077a927c0 5 bytes JMP 0000000149a00260
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                          0000000077a927d0 5 bytes JMP 0000000149a00270
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                        0000000077a927e0 5 bytes JMP 0000000149a00400
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                    0000000077a929a0 5 bytes JMP 0000000149a001f0
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                     0000000077a929b0 5 bytes JMP 0000000149a00210
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                          0000000077a92a20 5 bytes JMP 0000000149a00200
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                          0000000077a92a80 5 bytes JMP 0000000149a00420
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                           0000000077a92a90 5 bytes JMP 0000000149a00430
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                      0000000077a92aa0 5 bytes JMP 0000000149a00220
.text   C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                              0000000077a92b80 5 bytes JMP 0000000149a00280
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                 0000000077a91360 5 bytes JMP 0000000077bf0460
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                          0000000077a913b0 5 bytes JMP 0000000077bf0450
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                          0000000077a91510 5 bytes JMP 0000000077bf0370
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                               0000000077a91560 5 bytes JMP 0000000077bf0470
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                     0000000077a91570 5 bytes JMP 0000000077bf03e0
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                          0000000077a91620 5 bytes JMP 0000000077bf0320
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                   0000000077a91650 5 bytes JMP 0000000077bf03b0
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                      0000000077a91670 5 bytes JMP 0000000077bf0390
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                            0000000077a916b0 5 bytes JMP 0000000077bf02e0
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                          0000000077a91730 5 bytes JMP 0000000077bf02d0
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                        0000000077a91750 5 bytes JMP 0000000077bf0310
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                         0000000077a91790 5 bytes JMP 0000000077bf03c0
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                      0000000077a917e0 5 bytes JMP 0000000077bf03f0
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                         0000000077a91940 5 bytes JMP 0000000077bf0230
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                              0000000077a91b00 5 bytes JMP 0000000077bf0480
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                             0000000077a91b30 5 bytes JMP 0000000077bf03a0
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                      0000000077a91c10 5 bytes JMP 0000000077bf02f0
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                   0000000077a91c20 5 bytes JMP 0000000077bf0350
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                         0000000077a91c80 5 bytes JMP 0000000077bf0290
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                      0000000077a91d10 5 bytes JMP 0000000077bf02b0
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                       0000000077a91d30 5 bytes JMP 0000000077bf03d0
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                          0000000077a91d40 5 bytes JMP 0000000077bf0330
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                   0000000077a91db0 5 bytes JMP 0000000077bf0410
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                      0000000077a91de0 5 bytes JMP 0000000077bf0240
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                           0000000077a920a0 5 bytes JMP 0000000077bf01e0
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                      0000000077a92160 5 bytes JMP 0000000077bf0250
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                      0000000077a92190 5 bytes JMP 0000000077bf0490
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                             0000000077a921a0 5 bytes JMP 0000000077bf04a0
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                        0000000077a921d0 5 bytes JMP 0000000077bf0300
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                     0000000077a921e0 5 bytes JMP 0000000077bf0360
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                           0000000077a92240 5 bytes JMP 0000000077bf02a0
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                        0000000077a92290 5 bytes JMP 0000000077bf02c0
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                           0000000077a922c0 5 bytes JMP 0000000077bf0380
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                            0000000077a922d0 5 bytes JMP 0000000077bf0340
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                     0000000077a925c0 5 bytes JMP 0000000077bf0440
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                    0000000077a927c0 5 bytes JMP 0000000077bf0260
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                       0000000077a927d0 5 bytes JMP 0000000077bf0270
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                     0000000077a927e0 5 bytes JMP 0000000077bf0400
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                 0000000077a929a0 5 bytes JMP 0000000077bf01f0
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                  0000000077a929b0 5 bytes JMP 0000000077bf0210
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                       0000000077a92a20 5 bytes JMP 0000000077bf0200
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                       0000000077a92a80 5 bytes JMP 0000000077bf0420
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                        0000000077a92a90 5 bytes JMP 0000000077bf0430
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                   0000000077a92aa0 5 bytes JMP 0000000077bf0220
.text   C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                           0000000077a92b80 5 bytes JMP 0000000077bf0280
.text   C:\Windows\system32\services.exe[564] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007797eecd 1 byte [62]
.text   C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                    0000000077a91360 5 bytes JMP 0000000077bf0460
.text   C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                             0000000077a913b0 5 bytes JMP 0000000077bf0450
.text   C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                             0000000077a91510 5 bytes JMP 0000000077bf0370
.text   C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                  0000000077a91560 5 bytes JMP 0000000077bf0470
.text   C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                        0000000077a91570 5 bytes JMP 0000000077bf03e0
.text   C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                             0000000077a91620 5 bytes JMP 0000000077bf0320
.text   C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                      0000000077a91650 5 bytes JMP 0000000077bf03b0
.text   C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                         0000000077a91670 5 bytes JMP 0000000077bf0390
.text   C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                               0000000077a916b0 5 bytes JMP 0000000077bf02e0
.text   C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                             0000000077a91730 5 bytes JMP 0000000077bf02d0
.text   C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                           0000000077a91750 5 bytes JMP 0000000077bf0310
.text   C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                            0000000077a91790 5 bytes JMP 0000000077bf03c0
.text   C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                         0000000077a917e0 5 bytes JMP 0000000077bf03f0
.text   C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                            0000000077a91940 5 bytes JMP 0000000077bf0230
.text   C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                 0000000077a91b00 5 bytes JMP 0000000077bf0480
.text   C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                0000000077a91b30 5 bytes JMP 0000000077bf03a0
.text   C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                         0000000077a91c10 5 bytes JMP 0000000077bf02f0
.text   C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                      0000000077a91c20 5 bytes JMP 0000000077bf0350
.text   C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                            0000000077a91c80 5 bytes JMP 0000000077bf0290
.text   C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                         0000000077a91d10 5 bytes JMP 0000000077bf02b0
.text   C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                          0000000077a91d30 5 bytes JMP 0000000077bf03d0
.text   C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                             0000000077a91d40 5 bytes JMP 0000000077bf0330
.text   C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                      0000000077a91db0 5 bytes JMP 0000000077bf0410
.text   C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                         0000000077a91de0 5 bytes JMP 0000000077bf0240
.text   C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                              0000000077a920a0 5 bytes JMP 0000000077bf01e0
.text   C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                         0000000077a92160 5 bytes JMP 0000000077bf0250
.text   C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                         0000000077a92190 5 bytes JMP 0000000077bf0490
.text   C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                0000000077a921a0 5 bytes JMP 0000000077bf04a0
.text   C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                      0000000077a925c0 5 bytes JMP 0000000077bf0440
.text   C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                     0000000077a927c0 5 bytes JMP 0000000077bf0260
.text   C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                        0000000077a927d0 5 bytes JMP 0000000077bf0270
.text   C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                      0000000077a927e0 5 bytes JMP 0000000077bf0400
.text   C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                  0000000077a929a0 5 bytes JMP 0000000077bf01f0
.text   C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                   0000000077a929b0 5 bytes JMP 0000000077bf0210
.text   C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                        0000000077a92a20 5 bytes JMP 0000000077bf0200
.text   C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                        0000000077a92a80 5 bytes JMP 0000000077bf0420
.text   C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                         0000000077a92a90 5 bytes JMP 0000000077bf0430
.text   C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                    0000000077a92aa0 5 bytes JMP 0000000077bf0220
.text   C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                            0000000077a92b80 5 bytes JMP 0000000077bf0280
.text   C:\Windows\System32\svchost.exe[944] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                 000000007797eecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                 0000000077a91360 5 bytes JMP 0000000077bf0460
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                          0000000077a913b0 5 bytes JMP 0000000077bf0450
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                          0000000077a91510 5 bytes JMP 0000000077bf0370
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                               0000000077a91560 5 bytes JMP 0000000077bf0470
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                     0000000077a91570 5 bytes JMP 0000000077bf03e0
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                          0000000077a91620 5 bytes JMP 0000000077bf0320
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                   0000000077a91650 5 bytes JMP 0000000077bf03b0
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                      0000000077a91670 5 bytes JMP 0000000077bf0390
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                            0000000077a916b0 5 bytes JMP 0000000077bf02e0
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                          0000000077a91730 5 bytes JMP 0000000077bf02d0
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                        0000000077a91750 5 bytes JMP 0000000077bf0310
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                         0000000077a91790 5 bytes JMP 0000000077bf03c0
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                      0000000077a917e0 5 bytes JMP 0000000077bf03f0
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                         0000000077a91940 5 bytes JMP 0000000077bf0230
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                              0000000077a91b00 5 bytes JMP 0000000077bf0480
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                             0000000077a91b30 5 bytes JMP 0000000077bf03a0
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                      0000000077a91c10 5 bytes JMP 0000000077bf02f0
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                   0000000077a91c20 5 bytes JMP 0000000077bf0350
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                         0000000077a91c80 5 bytes JMP 0000000077bf0290
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                      0000000077a91d10 5 bytes JMP 0000000077bf02b0
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                       0000000077a91d30 5 bytes JMP 0000000077bf03d0
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                          0000000077a91d40 5 bytes JMP 0000000077bf0330
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                   0000000077a91db0 5 bytes JMP 0000000077bf0410
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                      0000000077a91de0 5 bytes JMP 0000000077bf0240
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                           0000000077a920a0 5 bytes JMP 0000000077bf01e0
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                      0000000077a92160 5 bytes JMP 0000000077bf0250
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                      0000000077a92190 5 bytes JMP 0000000077bf0490
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                             0000000077a921a0 5 bytes JMP 0000000077bf04a0
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                        0000000077a921d0 5 bytes JMP 0000000077bf0300
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                     0000000077a921e0 5 bytes JMP 0000000077bf0360
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                           0000000077a92240 5 bytes JMP 0000000077bf02a0
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                        0000000077a92290 5 bytes JMP 0000000077bf02c0
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                           0000000077a922c0 5 bytes JMP 0000000077bf0380
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                            0000000077a922d0 5 bytes JMP 0000000077bf0340
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                     0000000077a925c0 5 bytes JMP 0000000077bf0440
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                    0000000077a927c0 5 bytes JMP 0000000077bf0260
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                       0000000077a927d0 5 bytes JMP 0000000077bf0270
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                     0000000077a927e0 5 bytes JMP 0000000077bf0400
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                 0000000077a929a0 5 bytes JMP 0000000077bf01f0
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                  0000000077a929b0 5 bytes JMP 0000000077bf0210
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                       0000000077a92a20 5 bytes JMP 0000000077bf0200
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                       0000000077a92a80 5 bytes JMP 0000000077bf0420
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                        0000000077a92a90 5 bytes JMP 0000000077bf0430
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                   0000000077a92aa0 5 bytes JMP 0000000077bf0220
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                           0000000077a92b80 5 bytes JMP 0000000077bf0280
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007797eecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                  0000000077a91360 5 bytes JMP 0000000100070460
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                           0000000077a913b0 5 bytes JMP 0000000100070450
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                           0000000077a91510 5 bytes JMP 0000000100070370
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                0000000077a91560 5 bytes JMP 0000000100070470
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                      0000000077a91570 5 bytes JMP 00000001000703e0
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                           0000000077a91620 5 bytes JMP 0000000100070320
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                    0000000077a91650 5 bytes JMP 00000001000703b0
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                       0000000077a91670 5 bytes JMP 0000000100070390
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                             0000000077a916b0 5 bytes JMP 00000001000702e0
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                           0000000077a91730 5 bytes JMP 00000001000702d0
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                         0000000077a91750 5 bytes JMP 0000000100070310
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                          0000000077a91790 5 bytes JMP 00000001000703c0
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                       0000000077a917e0 5 bytes JMP 00000001000703f0
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                          0000000077a91940 5 bytes JMP 0000000100070230
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                               0000000077a91b00 5 bytes JMP 0000000100070480
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                              0000000077a91b30 5 bytes JMP 00000001000703a0
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                       0000000077a91c10 5 bytes JMP 00000001000702f0
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                    0000000077a91c20 5 bytes JMP 0000000100070350
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                          0000000077a91c80 5 bytes JMP 0000000100070290
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                       0000000077a91d10 5 bytes JMP 00000001000702b0
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                        0000000077a91d30 5 bytes JMP 00000001000703d0
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                           0000000077a91d40 5 bytes JMP 0000000100070330
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                    0000000077a91db0 5 bytes JMP 0000000100070410
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                       0000000077a91de0 5 bytes JMP 0000000100070240
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                            0000000077a920a0 5 bytes JMP 00000001000701e0
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                       0000000077a92160 5 bytes JMP 0000000100070250
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                       0000000077a92190 5 bytes JMP 0000000100070490
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                              0000000077a921a0 5 bytes JMP 00000001000704a0
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                         0000000077a921d0 5 bytes JMP 0000000100070300
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                      0000000077a921e0 5 bytes JMP 0000000100070360
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                            0000000077a92240 5 bytes JMP 00000001000702a0
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                         0000000077a92290 5 bytes JMP 00000001000702c0
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                            0000000077a922c0 5 bytes JMP 0000000100070380
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                             0000000077a922d0 5 bytes JMP 0000000100070340
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                      0000000077a925c0 5 bytes JMP 0000000100070440
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                     0000000077a927c0 5 bytes JMP 0000000100070260
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                        0000000077a927d0 5 bytes JMP 0000000100070270
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                      0000000077a927e0 5 bytes JMP 0000000100070400
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                  0000000077a929a0 5 bytes JMP 00000001000701f0
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                   0000000077a929b0 5 bytes JMP 0000000100070210
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                        0000000077a92a20 5 bytes JMP 0000000100070200
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                        0000000077a92a80 5 bytes JMP 0000000100070420
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                         0000000077a92a90 5 bytes JMP 0000000100070430
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                    0000000077a92aa0 5 bytes JMP 0000000100070220
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                            0000000077a92b80 5 bytes JMP 0000000100070280
.text   C:\Windows\system32\svchost.exe[468] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                 000000007797eecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                 0000000077a91360 5 bytes JMP 0000000077bf0460
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                          0000000077a913b0 5 bytes JMP 0000000077bf0450
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                          0000000077a91510 5 bytes JMP 0000000077bf0370
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                               0000000077a91560 5 bytes JMP 0000000077bf0470
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                     0000000077a91570 5 bytes JMP 0000000077bf03e0
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                          0000000077a91620 5 bytes JMP 0000000077bf0320
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                   0000000077a91650 5 bytes JMP 0000000077bf03b0
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                      0000000077a91670 5 bytes JMP 0000000077bf0390
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                            0000000077a916b0 5 bytes JMP 0000000077bf02e0
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                          0000000077a91730 5 bytes JMP 0000000077bf02d0
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                        0000000077a91750 5 bytes JMP 0000000077bf0310
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                         0000000077a91790 5 bytes JMP 0000000077bf03c0
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                      0000000077a917e0 5 bytes JMP 0000000077bf03f0
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                         0000000077a91940 5 bytes JMP 0000000077bf0230
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                              0000000077a91b00 5 bytes JMP 0000000077bf0480
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                             0000000077a91b30 5 bytes JMP 0000000077bf03a0
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                      0000000077a91c10 5 bytes JMP 0000000077bf02f0
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                   0000000077a91c20 5 bytes JMP 0000000077bf0350
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                         0000000077a91c80 5 bytes JMP 0000000077bf0290
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                      0000000077a91d10 5 bytes JMP 0000000077bf02b0
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                       0000000077a91d30 5 bytes JMP 0000000077bf03d0
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                          0000000077a91d40 5 bytes JMP 0000000077bf0330
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                   0000000077a91db0 5 bytes JMP 0000000077bf0410
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                      0000000077a91de0 5 bytes JMP 0000000077bf0240
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                           0000000077a920a0 5 bytes JMP 0000000077bf01e0
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                      0000000077a92160 5 bytes JMP 0000000077bf0250
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                      0000000077a92190 5 bytes JMP 0000000077bf0490
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                             0000000077a921a0 5 bytes JMP 0000000077bf04a0
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                        0000000077a921d0 5 bytes JMP 0000000077bf0300
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                     0000000077a921e0 5 bytes JMP 0000000077bf0360
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                           0000000077a92240 5 bytes JMP 0000000077bf02a0
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                        0000000077a92290 5 bytes JMP 0000000077bf02c0
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                           0000000077a922c0 5 bytes JMP 0000000077bf0380
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                            0000000077a922d0 5 bytes JMP 0000000077bf0340
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                     0000000077a925c0 5 bytes JMP 0000000077bf0440
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                    0000000077a927c0 5 bytes JMP 0000000077bf0260
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                       0000000077a927d0 5 bytes JMP 0000000077bf0270
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                     0000000077a927e0 5 bytes JMP 0000000077bf0400
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                 0000000077a929a0 5 bytes JMP 0000000077bf01f0
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                  0000000077a929b0 5 bytes JMP 0000000077bf0210
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                       0000000077a92a20 5 bytes JMP 0000000077bf0200
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                       0000000077a92a80 5 bytes JMP 0000000077bf0420
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                        0000000077a92a90 5 bytes JMP 0000000077bf0430
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                   0000000077a92aa0 5 bytes JMP 0000000077bf0220
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                           0000000077a92b80 5 bytes JMP 0000000077bf0280
.text   C:\Windows\system32\svchost.exe[1164] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007797eecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                 0000000077a91360 5 bytes JMP 0000000077bf0460
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                          0000000077a913b0 5 bytes JMP 0000000077bf0450
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                          0000000077a91510 5 bytes JMP 0000000077bf0370
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                               0000000077a91560 5 bytes JMP 0000000077bf0470
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                     0000000077a91570 5 bytes JMP 0000000077bf03e0
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                          0000000077a91620 5 bytes JMP 0000000077bf0320
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                   0000000077a91650 5 bytes JMP 0000000077bf03b0
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                      0000000077a91670 5 bytes JMP 0000000077bf0390
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                            0000000077a916b0 5 bytes JMP 0000000077bf02e0
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                          0000000077a91730 5 bytes JMP 0000000077bf02d0
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                        0000000077a91750 5 bytes JMP 0000000077bf0310
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                         0000000077a91790 5 bytes JMP 0000000077bf03c0
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                      0000000077a917e0 5 bytes JMP 0000000077bf03f0
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                         0000000077a91940 5 bytes JMP 0000000077bf0230
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                              0000000077a91b00 5 bytes JMP 0000000077bf0480
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                             0000000077a91b30 5 bytes JMP 0000000077bf03a0
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                      0000000077a91c10 5 bytes JMP 0000000077bf02f0
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                   0000000077a91c20 5 bytes JMP 0000000077bf0350
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                         0000000077a91c80 5 bytes JMP 0000000077bf0290
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                      0000000077a91d10 5 bytes JMP 0000000077bf02b0
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                       0000000077a91d30 5 bytes JMP 0000000077bf03d0
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                          0000000077a91d40 5 bytes JMP 0000000077bf0330
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                   0000000077a91db0 5 bytes JMP 0000000077bf0410
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                      0000000077a91de0 5 bytes JMP 0000000077bf0240
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                           0000000077a920a0 5 bytes JMP 0000000077bf01e0
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                      0000000077a92160 5 bytes JMP 0000000077bf0250
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                      0000000077a92190 5 bytes JMP 0000000077bf0490
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                             0000000077a921a0 5 bytes JMP 0000000077bf04a0
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                        0000000077a921d0 5 bytes JMP 0000000077bf0300
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                     0000000077a921e0 5 bytes JMP 0000000077bf0360
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                           0000000077a92240 5 bytes JMP 0000000077bf02a0
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                        0000000077a92290 5 bytes JMP 0000000077bf02c0
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                           0000000077a922c0 5 bytes JMP 0000000077bf0380
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                            0000000077a922d0 5 bytes JMP 0000000077bf0340
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                     0000000077a925c0 5 bytes JMP 0000000077bf0440
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                    0000000077a927c0 5 bytes JMP 0000000077bf0260
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                       0000000077a927d0 5 bytes JMP 0000000077bf0270
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                     0000000077a927e0 5 bytes JMP 0000000077bf0400
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                 0000000077a929a0 5 bytes JMP 0000000077bf01f0
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                  0000000077a929b0 5 bytes JMP 0000000077bf0210
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                       0000000077a92a20 5 bytes JMP 0000000077bf0200
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                       0000000077a92a80 5 bytes JMP 0000000077bf0420
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                        0000000077a92a90 5 bytes JMP 0000000077bf0430
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                   0000000077a92aa0 5 bytes JMP 0000000077bf0220
.text   C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                           0000000077a92b80 5 bytes JMP 0000000077bf0280
.text   C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1536] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                     000000007797eecd 1 byte [62]
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                 0000000077a91360 5 bytes JMP 0000000100070460
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                          0000000077a913b0 5 bytes JMP 0000000100070450
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                          0000000077a91510 5 bytes JMP 0000000100070370
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                               0000000077a91560 5 bytes JMP 0000000100070470
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                     0000000077a91570 5 bytes JMP 00000001000703e0
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                          0000000077a91620 5 bytes JMP 0000000100070320
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                   0000000077a91650 5 bytes JMP 00000001000703b0
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                      0000000077a91670 5 bytes JMP 0000000100070390
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                            0000000077a916b0 5 bytes JMP 00000001000702e0
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                          0000000077a91730 5 bytes JMP 00000001000702d0
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                        0000000077a91750 5 bytes JMP 0000000100070310
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                         0000000077a91790 5 bytes JMP 00000001000703c0
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                      0000000077a917e0 5 bytes JMP 00000001000703f0
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                         0000000077a91940 5 bytes JMP 0000000100070230
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                              0000000077a91b00 5 bytes JMP 0000000100070480
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                             0000000077a91b30 5 bytes JMP 00000001000703a0
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                      0000000077a91c10 5 bytes JMP 00000001000702f0
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                   0000000077a91c20 5 bytes JMP 0000000100070350
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                         0000000077a91c80 5 bytes JMP 0000000100070290
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                      0000000077a91d10 5 bytes JMP 00000001000702b0
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                       0000000077a91d30 5 bytes JMP 00000001000703d0
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                          0000000077a91d40 5 bytes JMP 0000000100070330
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                   0000000077a91db0 5 bytes JMP 0000000100070410
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                      0000000077a91de0 5 bytes JMP 0000000100070240
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                           0000000077a920a0 5 bytes JMP 00000001000701e0
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                      0000000077a92160 5 bytes JMP 0000000100070250
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                      0000000077a92190 5 bytes JMP 0000000100070490
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                             0000000077a921a0 5 bytes JMP 00000001000704a0
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                        0000000077a921d0 5 bytes JMP 0000000100070300
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                     0000000077a921e0 5 bytes JMP 0000000100070360
         

10.02.2014, 21:53   #5
wauzz132
 
GMER, part 2

Code:
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                           0000000077a92240 5 bytes JMP 00000001000702a0
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                        0000000077a92290 5 bytes JMP 00000001000702c0
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                           0000000077a922c0 5 bytes JMP 0000000100070380
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                            0000000077a922d0 5 bytes JMP 0000000100070340
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                     0000000077a925c0 5 bytes JMP 0000000100070440
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                    0000000077a927c0 5 bytes JMP 0000000100070260
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                       0000000077a927d0 5 bytes JMP 0000000100070270
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                     0000000077a927e0 5 bytes JMP 0000000100070400
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                 0000000077a929a0 5 bytes JMP 00000001000701f0
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                  0000000077a929b0 5 bytes JMP 0000000100070210
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                       0000000077a92a20 5 bytes JMP 0000000100070200
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                       0000000077a92a80 5 bytes JMP 0000000100070420
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                        0000000077a92a90 5 bytes JMP 0000000100070430
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                   0000000077a92aa0 5 bytes JMP 0000000100070220
.text   C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                           0000000077a92b80 5 bytes JMP 0000000100070280
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                 0000000077a91360 5 bytes JMP 0000000077bf0460
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                          0000000077a913b0 5 bytes JMP 0000000077bf0450
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                          0000000077a91510 5 bytes JMP 0000000077bf0370
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                               0000000077a91560 5 bytes JMP 0000000077bf0470
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                     0000000077a91570 5 bytes JMP 0000000077bf03e0
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                          0000000077a91620 5 bytes JMP 0000000077bf0320
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                   0000000077a91650 5 bytes JMP 0000000077bf03b0
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                      0000000077a91670 5 bytes JMP 0000000077bf0390
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                            0000000077a916b0 5 bytes JMP 0000000077bf02e0
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                          0000000077a91730 5 bytes JMP 0000000077bf02d0
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                        0000000077a91750 5 bytes JMP 0000000077bf0310
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                         0000000077a91790 5 bytes JMP 0000000077bf03c0
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                      0000000077a917e0 5 bytes JMP 0000000077bf03f0
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                         0000000077a91940 5 bytes JMP 0000000077bf0230
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                              0000000077a91b00 5 bytes JMP 0000000077bf0480
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                             0000000077a91b30 5 bytes JMP 0000000077bf03a0
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                      0000000077a91c10 5 bytes JMP 0000000077bf02f0
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                   0000000077a91c20 5 bytes JMP 0000000077bf0350
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                         0000000077a91c80 5 bytes JMP 0000000077bf0290
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                      0000000077a91d10 5 bytes JMP 0000000077bf02b0
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                       0000000077a91d30 5 bytes JMP 0000000077bf03d0
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                          0000000077a91d40 5 bytes JMP 0000000077bf0330
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                   0000000077a91db0 5 bytes JMP 0000000077bf0410
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                      0000000077a91de0 5 bytes JMP 0000000077bf0240
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                           0000000077a920a0 5 bytes JMP 0000000077bf01e0
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                      0000000077a92160 5 bytes JMP 0000000077bf0250
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                      0000000077a92190 5 bytes JMP 0000000077bf0490
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                             0000000077a921a0 5 bytes JMP 0000000077bf04a0
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                        0000000077a921d0 5 bytes JMP 0000000077bf0300
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                     0000000077a921e0 5 bytes JMP 0000000077bf0360
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                           0000000077a92240 5 bytes JMP 0000000077bf02a0
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                        0000000077a92290 5 bytes JMP 0000000077bf02c0
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                           0000000077a922c0 5 bytes JMP 0000000077bf0380
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                            0000000077a922d0 5 bytes JMP 0000000077bf0340
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                     0000000077a925c0 5 bytes JMP 0000000077bf0440
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                    0000000077a927c0 5 bytes JMP 0000000077bf0260
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                       0000000077a927d0 5 bytes JMP 0000000077bf0270
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                     0000000077a927e0 5 bytes JMP 0000000077bf0400
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                 0000000077a929a0 5 bytes JMP 0000000077bf01f0
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                  0000000077a929b0 5 bytes JMP 0000000077bf0210
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                       0000000077a92a20 5 bytes JMP 0000000077bf0200
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                       0000000077a92a80 5 bytes JMP 0000000077bf0420
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                        0000000077a92a90 5 bytes JMP 0000000077bf0430
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                   0000000077a92aa0 5 bytes JMP 0000000077bf0220
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                           0000000077a92b80 5 bytes JMP 0000000077bf0280
.text   C:\Windows\system32\svchost.exe[2416] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007797eecd 1 byte [62]
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[2896] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                             000000007797eecd 1 byte [62]
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                           0000000077a91360 5 bytes JMP 0000000077bf0460
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                    0000000077a913b0 5 bytes JMP 0000000077bf0450
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                    0000000077a91510 5 bytes JMP 0000000077bf0370
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                         0000000077a91560 5 bytes JMP 0000000077bf0470
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                               0000000077a91570 5 bytes JMP 0000000077bf03e0
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                    0000000077a91620 5 bytes JMP 0000000077bf0320
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                             0000000077a91650 5 bytes JMP 0000000077bf03b0
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                0000000077a91670 5 bytes JMP 0000000077bf0390
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                      0000000077a916b0 5 bytes JMP 0000000077bf02e0
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                    0000000077a91730 5 bytes JMP 0000000077bf02d0
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                  0000000077a91750 5 bytes JMP 0000000077bf0310
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                   0000000077a91790 5 bytes JMP 0000000077bf03c0
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                0000000077a917e0 5 bytes JMP 0000000077bf03f0
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                   0000000077a91940 5 bytes JMP 0000000077bf0230
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                        0000000077a91b00 5 bytes JMP 0000000077bf0480
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                       0000000077a91b30 5 bytes JMP 0000000077bf03a0
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                0000000077a91c10 5 bytes JMP 0000000077bf02f0
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                             0000000077a91c20 5 bytes JMP 0000000077bf0350
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                   0000000077a91c80 5 bytes JMP 0000000077bf0290
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                0000000077a91d10 5 bytes JMP 0000000077bf02b0
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                 0000000077a91d30 5 bytes JMP 0000000077bf03d0
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                    0000000077a91d40 5 bytes JMP 0000000077bf0330
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                             0000000077a91db0 5 bytes JMP 0000000077bf0410
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                0000000077a91de0 5 bytes JMP 0000000077bf0240
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                     0000000077a920a0 5 bytes JMP 0000000077bf01e0
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                0000000077a92160 5 bytes JMP 0000000077bf0250
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                0000000077a92190 5 bytes JMP 0000000077bf0490
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                       0000000077a921a0 5 bytes JMP 0000000077bf04a0
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                  0000000077a921d0 5 bytes JMP 0000000077bf0300
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                               0000000077a921e0 5 bytes JMP 0000000077bf0360
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                     0000000077a92240 5 bytes JMP 0000000077bf02a0
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                  0000000077a92290 5 bytes JMP 0000000077bf02c0
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                     0000000077a922c0 5 bytes JMP 0000000077bf0380
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                      0000000077a922d0 5 bytes JMP 0000000077bf0340
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                               0000000077a925c0 5 bytes JMP 0000000077bf0440
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                              0000000077a927c0 5 bytes JMP 0000000077bf0260
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                 0000000077a927d0 5 bytes JMP 0000000077bf0270
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                               0000000077a927e0 5 bytes JMP 0000000077bf0400
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                           0000000077a929a0 5 bytes JMP 0000000077bf01f0
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                            0000000077a929b0 5 bytes JMP 0000000077bf0210
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                 0000000077a92a20 5 bytes JMP 0000000077bf0200
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                 0000000077a92a80 5 bytes JMP 0000000077bf0420
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                  0000000077a92a90 5 bytes JMP 0000000077bf0430
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                             0000000077a92aa0 5 bytes JMP 0000000077bf0220
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                     0000000077a92b80 5 bytes JMP 0000000077bf0280
.text   C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                          000000007797eecd 1 byte [62]
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                0000000077a91360 5 bytes JMP 0000000077bf0460
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                         0000000077a913b0 5 bytes JMP 0000000077bf0450
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                         0000000077a91510 5 bytes JMP 0000000077bf0370
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                              0000000077a91560 5 bytes JMP 0000000077bf0470
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                    0000000077a91570 5 bytes JMP 0000000077bf03e0
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                         0000000077a91620 5 bytes JMP 0000000077bf0320
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                  0000000077a91650 5 bytes JMP 0000000077bf03b0
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                     0000000077a91670 5 bytes JMP 0000000077bf0390
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                           0000000077a916b0 5 bytes JMP 0000000077bf02e0
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                         0000000077a91730 5 bytes JMP 0000000077bf02d0
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                       0000000077a91750 5 bytes JMP 0000000077bf0310
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                        0000000077a91790 5 bytes JMP 0000000077bf03c0
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                     0000000077a917e0 5 bytes JMP 0000000077bf03f0
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                        0000000077a91940 5 bytes JMP 0000000077bf0230
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                             0000000077a91b00 5 bytes JMP 0000000077bf0480
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                            0000000077a91b30 5 bytes JMP 0000000077bf03a0
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                     0000000077a91c10 5 bytes JMP 0000000077bf02f0
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                  0000000077a91c20 5 bytes JMP 0000000077bf0350
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                        0000000077a91c80 5 bytes JMP 0000000077bf0290
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                     0000000077a91d10 5 bytes JMP 0000000077bf02b0
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                      0000000077a91d30 5 bytes JMP 0000000077bf03d0
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                         0000000077a91d40 5 bytes JMP 0000000077bf0330
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                  0000000077a91db0 5 bytes JMP 0000000077bf0410
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                     0000000077a91de0 5 bytes JMP 0000000077bf0240
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                          0000000077a920a0 5 bytes JMP 0000000077bf01e0
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                     0000000077a92160 5 bytes JMP 0000000077bf0250
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                     0000000077a92190 5 bytes JMP 0000000077bf0490
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                            0000000077a921a0 5 bytes JMP 0000000077bf04a0
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                       0000000077a921d0 5 bytes JMP 0000000077bf0300
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                    0000000077a921e0 5 bytes JMP 0000000077bf0360
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                          0000000077a92240 5 bytes JMP 0000000077bf02a0
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                       0000000077a92290 5 bytes JMP 0000000077bf02c0
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                          0000000077a922c0 5 bytes JMP 0000000077bf0380
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                           0000000077a922d0 5 bytes JMP 0000000077bf0340
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                    0000000077a925c0 5 bytes JMP 0000000077bf0440
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                   0000000077a927c0 5 bytes JMP 0000000077bf0260
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                      0000000077a927d0 5 bytes JMP 0000000077bf0270
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                    0000000077a927e0 5 bytes JMP 0000000077bf0400
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                0000000077a929a0 5 bytes JMP 0000000077bf01f0
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                 0000000077a929b0 5 bytes JMP 0000000077bf0210
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                      0000000077a92a20 5 bytes JMP 0000000077bf0200
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                      0000000077a92a80 5 bytes JMP 0000000077bf0420
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                       0000000077a92a90 5 bytes JMP 0000000077bf0430
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                  0000000077a92aa0 5 bytes JMP 0000000077bf0220
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                          0000000077a92b80 5 bytes JMP 0000000077bf0280
.text   C:\Windows\system32\taskhost.exe[1308] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               000000007797eecd 1 byte [62]
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                         0000000077a91360 5 bytes JMP 0000000100070460
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                  0000000077a913b0 5 bytes JMP 0000000100070450
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                  0000000077a91510 5 bytes JMP 0000000100070370
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                       0000000077a91560 5 bytes JMP 0000000100070470
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                             0000000077a91570 5 bytes JMP 00000001000703e0
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                  0000000077a91620 5 bytes JMP 0000000100070320
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                           0000000077a91650 5 bytes JMP 00000001000703b0
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                              0000000077a91670 5 bytes JMP 0000000100070390
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                    0000000077a916b0 5 bytes JMP 00000001000702e0
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                  0000000077a91730 5 bytes JMP 00000001000702d0
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                0000000077a91750 5 bytes JMP 0000000100070310
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                 0000000077a91790 5 bytes JMP 00000001000703c0
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                              0000000077a917e0 5 bytes JMP 00000001000703f0
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                 0000000077a91940 5 bytes JMP 0000000100070230
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                      0000000077a91b00 5 bytes JMP 0000000100070480
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                     0000000077a91b30 5 bytes JMP 00000001000703a0
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                              0000000077a91c10 5 bytes JMP 00000001000702f0
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                           0000000077a91c20 5 bytes JMP 0000000100070350
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                 0000000077a91c80 5 bytes JMP 0000000100070290
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                              0000000077a91d10 5 bytes JMP 00000001000702b0
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                               0000000077a91d30 5 bytes JMP 00000001000703d0
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                  0000000077a91d40 5 bytes JMP 0000000100070330
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                           0000000077a91db0 5 bytes JMP 0000000100070410
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                              0000000077a91de0 5 bytes JMP 0000000100070240
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                   0000000077a920a0 5 bytes JMP 00000001000701e0
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                              0000000077a92160 5 bytes JMP 0000000100070250
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                              0000000077a92190 5 bytes JMP 0000000100070490
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                     0000000077a921a0 5 bytes JMP 00000001000704a0
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                0000000077a921d0 5 bytes JMP 0000000100070300
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                             0000000077a921e0 5 bytes JMP 0000000100070360
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                   0000000077a92240 5 bytes JMP 00000001000702a0
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                0000000077a92290 5 bytes JMP 00000001000702c0
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                   0000000077a922c0 5 bytes JMP 0000000100070380
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                    0000000077a922d0 5 bytes JMP 0000000100070340
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                             0000000077a925c0 5 bytes JMP 0000000100070440
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                            0000000077a927c0 5 bytes JMP 0000000100070260
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                               0000000077a927d0 5 bytes JMP 0000000100070270
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                             0000000077a927e0 5 bytes JMP 0000000100070400
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                         0000000077a929a0 5 bytes JMP 00000001000701f0
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                          0000000077a929b0 5 bytes JMP 0000000100070210
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                               0000000077a92a20 5 bytes JMP 0000000100070200
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                               0000000077a92a80 5 bytes JMP 0000000100070420
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                0000000077a92a90 5 bytes JMP 0000000100070430
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                           0000000077a92aa0 5 bytes JMP 0000000100070220
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                   0000000077a92b80 5 bytes JMP 0000000100070280
.text   C:\Windows\Explorer.EXE[2512] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                        000000007797eecd 1 byte [62]
.text   C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe[1984] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                 000000007761a2ba 1 byte [62]
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                0000000077a91360 5 bytes JMP 0000000077bf0460
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                         0000000077a913b0 5 bytes JMP 0000000077bf0450
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                         0000000077a91510 5 bytes JMP 0000000077bf0370
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                              0000000077a91560 5 bytes JMP 0000000077bf0470
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                    0000000077a91570 5 bytes JMP 0000000077bf03e0
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                         0000000077a91620 5 bytes JMP 0000000077bf0320
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                  0000000077a91650 5 bytes JMP 0000000077bf03b0
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                     0000000077a91670 5 bytes JMP 0000000077bf0390
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                           0000000077a916b0 5 bytes JMP 0000000077bf02e0
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                         0000000077a91730 5 bytes JMP 0000000077bf02d0
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                       0000000077a91750 5 bytes JMP 0000000077bf0310
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                        0000000077a91790 5 bytes JMP 0000000077bf03c0
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                     0000000077a917e0 5 bytes JMP 0000000077bf03f0
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                        0000000077a91940 5 bytes JMP 0000000077bf0230
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                             0000000077a91b00 5 bytes JMP 0000000077bf0480
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                            0000000077a91b30 5 bytes JMP 0000000077bf03a0
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                     0000000077a91c10 5 bytes JMP 0000000077bf02f0
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                  0000000077a91c20 5 bytes JMP 0000000077bf0350
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                        0000000077a91c80 5 bytes JMP 0000000077bf0290
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                     0000000077a91d10 5 bytes JMP 0000000077bf02b0
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                      0000000077a91d30 5 bytes JMP 0000000077bf03d0
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                         0000000077a91d40 5 bytes JMP 0000000077bf0330
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                  0000000077a91db0 5 bytes JMP 0000000077bf0410
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                     0000000077a91de0 5 bytes JMP 0000000077bf0240
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                          0000000077a920a0 5 bytes JMP 0000000077bf01e0
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                     0000000077a92160 5 bytes JMP 0000000077bf0250
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                     0000000077a92190 5 bytes JMP 0000000077bf0490
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                            0000000077a921a0 5 bytes JMP 0000000077bf04a0
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                       0000000077a921d0 5 bytes JMP 0000000077bf0300
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                    0000000077a921e0 5 bytes JMP 0000000077bf0360
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                          0000000077a92240 5 bytes JMP 0000000077bf02a0
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                       0000000077a92290 5 bytes JMP 0000000077bf02c0
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                          0000000077a922c0 5 bytes JMP 0000000077bf0380
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                           0000000077a922d0 5 bytes JMP 0000000077bf0340
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                    0000000077a925c0 5 bytes JMP 0000000077bf0440
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                   0000000077a927c0 5 bytes JMP 0000000077bf0260
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                      0000000077a927d0 5 bytes JMP 0000000077bf0270
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                    0000000077a927e0 5 bytes JMP 0000000077bf0400
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                0000000077a929a0 5 bytes JMP 0000000077bf01f0
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                 0000000077a929b0 5 bytes JMP 0000000077bf0210
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                      0000000077a92a20 5 bytes JMP 0000000077bf0200
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                      0000000077a92a80 5 bytes JMP 0000000077bf0420
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                       0000000077a92a90 5 bytes JMP 0000000077bf0430
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                  0000000077a92aa0 5 bytes JMP 0000000077bf0220
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                          0000000077a92b80 5 bytes JMP 0000000077bf0280
.text   C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               000000007797eecd 1 byte [62]
.text   C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2664] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  000000007761a2ba 1 byte [62]
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                     0000000077a91360 5 bytes JMP 0000000100070460
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                              0000000077a913b0 5 bytes JMP 0000000100070450
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                              0000000077a91510 5 bytes JMP 0000000100070370
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                   0000000077a91560 5 bytes JMP 0000000100070470
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                         0000000077a91570 5 bytes JMP 00000001000703e0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                              0000000077a91620 5 bytes JMP 0000000100070320
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                       0000000077a91650 5 bytes JMP 00000001000703b0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                          0000000077a91670 5 bytes JMP 0000000100070390
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                0000000077a916b0 5 bytes JMP 00000001000702e0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                              0000000077a91730 5 bytes JMP 00000001000702d0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                            0000000077a91750 5 bytes JMP 0000000100070310
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                             0000000077a91790 5 bytes JMP 00000001000703c0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                          0000000077a917e0 5 bytes JMP 00000001000703f0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                             0000000077a91940 5 bytes JMP 0000000100070230
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                  0000000077a91b00 5 bytes JMP 0000000100070480
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                 0000000077a91b30 5 bytes JMP 00000001000703a0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                          0000000077a91c10 5 bytes JMP 00000001000702f0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                       0000000077a91c20 5 bytes JMP 0000000100070350
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                             0000000077a91c80 5 bytes JMP 0000000100070290
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                          0000000077a91d10 5 bytes JMP 00000001000702b0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                           0000000077a91d30 5 bytes JMP 00000001000703d0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                              0000000077a91d40 5 bytes JMP 0000000100070330
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                       0000000077a91db0 5 bytes JMP 0000000100070410
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                          0000000077a91de0 5 bytes JMP 0000000100070240
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                               0000000077a920a0 5 bytes JMP 00000001000701e0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                          0000000077a92160 5 bytes JMP 0000000100070250
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                          0000000077a92190 5 bytes JMP 0000000100070490
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                 0000000077a921a0 5 bytes JMP 00000001000704a0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                            0000000077a921d0 5 bytes JMP 0000000100070300
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                         0000000077a921e0 5 bytes JMP 0000000100070360
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                               0000000077a92240 5 bytes JMP 00000001000702a0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                            0000000077a92290 5 bytes JMP 00000001000702c0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                               0000000077a922c0 5 bytes JMP 0000000100070380
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                0000000077a922d0 5 bytes JMP 0000000100070340
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                         0000000077a925c0 5 bytes JMP 0000000100070440
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                        0000000077a927c0 5 bytes JMP 0000000100070260
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                           0000000077a927d0 5 bytes JMP 0000000100070270
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                         0000000077a927e0 5 bytes JMP 0000000100070400
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                     0000000077a929a0 5 bytes JMP 00000001000701f0
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                      0000000077a929b0 5 bytes JMP 0000000100070210
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                           0000000077a92a20 5 bytes JMP 0000000100070200
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                           0000000077a92a80 5 bytes JMP 0000000100070420
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                            0000000077a92a90 5 bytes JMP 0000000100070430
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                       0000000077a92aa0 5 bytes JMP 0000000100070220
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                               0000000077a92b80 5 bytes JMP 0000000100070280
.text   C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                    000000007797eecd 1 byte [62]
.text   C:\Program Files (x86)\Skype\Phone\Skype.exe[3188] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                   000000007761a2ba 1 byte [62]
.text   C:\Windows\system32\igfxext.exe[3432] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007797eecd 1 byte [62]
.text   C:\Windows\system32\wbem\unsecapp.exe[3504] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                          000000007797eecd 1 byte [62]
.text   C:\Program Files (x86)\Launch Manager\LManager.EXE[3576] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                             000000007761a2ba 1 byte [62]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3640] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112               000000007761a2ba 1 byte [62]
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2288] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                    000000007761a2ba 1 byte [62]
.text   C:\Program Files (x86)\A1 Dashboard\Dashboard.exe[4536] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                              000000007761a2ba 1 byte [62]
.text   C:\Windows\system32\wbem\wmiprvse.exe[4580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                          000000007797eecd 1 byte [62]
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                 0000000077a91360 5 bytes JMP 0000000077bf0460
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                          0000000077a913b0 5 bytes JMP 0000000077bf0450
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                          0000000077a91510 5 bytes JMP 0000000077bf0370
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                               0000000077a91560 5 bytes JMP 0000000077bf0470
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                     0000000077a91570 5 bytes JMP 0000000077bf03e0
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                          0000000077a91620 5 bytes JMP 0000000077bf0320
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                   0000000077a91650 5 bytes JMP 0000000077bf03b0
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                      0000000077a91670 5 bytes JMP 0000000077bf0390
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                            0000000077a916b0 5 bytes JMP 0000000077bf02e0
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                          0000000077a91730 5 bytes JMP 0000000077bf02d0
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                        0000000077a91750 5 bytes JMP 0000000077bf0310
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                         0000000077a91790 5 bytes JMP 0000000077bf03c0
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                      0000000077a917e0 5 bytes JMP 0000000077bf03f0
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                         0000000077a91940 5 bytes JMP 0000000077bf0230
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                              0000000077a91b00 5 bytes JMP 0000000077bf0480
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                             0000000077a91b30 5 bytes JMP 0000000077bf03a0
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                      0000000077a91c10 5 bytes JMP 0000000077bf02f0
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                   0000000077a91c20 5 bytes JMP 0000000077bf0350
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                         0000000077a91c80 5 bytes JMP 0000000077bf0290
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                      0000000077a91d10 5 bytes JMP 0000000077bf02b0
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                       0000000077a91d30 5 bytes JMP 0000000077bf03d0
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                          0000000077a91d40 5 bytes JMP 0000000077bf0330
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                   0000000077a91db0 5 bytes JMP 0000000077bf0410
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                      0000000077a91de0 5 bytes JMP 0000000077bf0240
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                           0000000077a920a0 5 bytes JMP 0000000077bf01e0
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                      0000000077a92160 5 bytes JMP 0000000077bf0250
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                      0000000077a92190 5 bytes JMP 0000000077bf0490
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                             0000000077a921a0 5 bytes JMP 0000000077bf04a0
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                        0000000077a921d0 5 bytes JMP 0000000077bf0300
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                     0000000077a921e0 5 bytes JMP 0000000077bf0360
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                           0000000077a92240 5 bytes JMP 0000000077bf02a0
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                        0000000077a92290 5 bytes JMP 0000000077bf02c0
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                           0000000077a922c0 5 bytes JMP 0000000077bf0380
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                            0000000077a922d0 5 bytes JMP 0000000077bf0340
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                     0000000077a925c0 5 bytes JMP 0000000077bf0440
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                    0000000077a927c0 5 bytes JMP 0000000077bf0260
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                       0000000077a927d0 5 bytes JMP 0000000077bf0270
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                     0000000077a927e0 5 bytes JMP 0000000077bf0400
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                 0000000077a929a0 5 bytes JMP 0000000077bf01f0
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                  0000000077a929b0 5 bytes JMP 0000000077bf0210
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                       0000000077a92a20 5 bytes JMP 0000000077bf0200
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                       0000000077a92a80 5 bytes JMP 0000000077bf0420
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                        0000000077a92a90 5 bytes JMP 0000000077bf0430
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                   0000000077a92aa0 5 bytes JMP 0000000077bf0220
.text   C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                           0000000077a92b80 5 bytes JMP 0000000077bf0280
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                            0000000077a63b10 6 bytes {NOP ; JMP 0xffffffff8873cc4c}
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                              0000000077a67ac0 6 bytes {NOP ; JMP 0xffffffff887388e4}
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                  0000000077a91360 5 bytes JMP 0000000100070460
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                           0000000077a913b0 5 bytes JMP 0000000100070450
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                           0000000077a91510 5 bytes JMP 0000000100070370
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                0000000077a91560 5 bytes JMP 0000000100070470
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                      0000000077a91570 5 bytes JMP 00000001000703e0
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                           0000000077a91620 5 bytes JMP 0000000100070320
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                    0000000077a91650 5 bytes JMP 00000001000703b0
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                       0000000077a91670 5 bytes JMP 0000000100070390
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                             0000000077a916b0 5 bytes JMP 00000001000702e0
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                           0000000077a91730 5 bytes JMP 00000001000702d0
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                         0000000077a91750 5 bytes JMP 0000000100070310
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                          0000000077a91790 5 bytes JMP 00000001000703c0
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                       0000000077a917e0 5 bytes JMP 00000001000703f0
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                          0000000077a91940 5 bytes JMP 0000000100070230
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                               0000000077a91b00 5 bytes JMP 0000000100070480
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                              0000000077a91b30 5 bytes JMP 00000001000703a0
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                       0000000077a91c10 5 bytes JMP 00000001000702f0
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                    0000000077a91c20 5 bytes JMP 0000000100070350
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                          0000000077a91c80 5 bytes JMP 0000000100070290
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                       0000000077a91d10 5 bytes JMP 00000001000702b0
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                        0000000077a91d30 5 bytes JMP 00000001000703d0
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                           0000000077a91d40 5 bytes JMP 0000000100070330
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                    0000000077a91db0 5 bytes JMP 0000000100070410
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                       0000000077a91de0 5 bytes JMP 0000000100070240
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                            0000000077a920a0 5 bytes JMP 00000001000701e0
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                       0000000077a92160 5 bytes JMP 0000000100070250
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                       0000000077a92190 5 bytes JMP 0000000100070490
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                              0000000077a921a0 5 bytes JMP 00000001000704a0
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                         0000000077a921d0 5 bytes JMP 0000000100070300
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                      0000000077a921e0 5 bytes JMP 0000000100070360
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                            0000000077a92240 5 bytes JMP 00000001000702a0
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                         0000000077a92290 5 bytes JMP 00000001000702c0
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                            0000000077a922c0 5 bytes JMP 0000000100070380
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                             0000000077a922d0 5 bytes JMP 0000000100070340
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                      0000000077a925c0 5 bytes JMP 0000000100070440
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                     0000000077a927c0 5 bytes JMP 0000000100070260
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                        0000000077a927d0 5 bytes JMP 0000000100070270
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                      0000000077a927e0 5 bytes JMP 0000000100070400
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                  0000000077a929a0 5 bytes JMP 00000001000701f0
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                   0000000077a929b0 5 bytes JMP 0000000100070210
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                        0000000077a92a20 5 bytes JMP 0000000100070200
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                        0000000077a92a80 5 bytes JMP 0000000100070420
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                         0000000077a92a90 5 bytes JMP 0000000100070430
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                    0000000077a92aa0 5 bytes JMP 0000000100070220
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                            0000000077a92b80 5 bytes JMP 0000000100070280
.text   C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                 000000007797eecd 1 byte [62]
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4708] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                       0000000077c5c4dd 5 bytes JMP 00000001000301f8
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4708] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                     0000000077c61287 5 bytes JMP 00000001000303fc
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4708] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                          000000007761a2ba 1 byte [62]
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort            0000000077a91360 5 bytes JMP 0000000077bf0460
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                     0000000077a913b0 5 bytes JMP 0000000077bf0450
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                     0000000077a91510 5 bytes JMP 0000000077bf0370
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx          0000000077a91560 5 bytes JMP 0000000077bf0470
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                0000000077a91570 5 bytes JMP 0000000077bf03e0
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                     0000000077a91620 5 bytes JMP 0000000077bf0320
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory              0000000077a91650 5 bytes JMP 0000000077bf03b0
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                 0000000077a91670 5 bytes JMP 0000000077bf0390
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                       0000000077a916b0 5 bytes JMP 0000000077bf02e0
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                     0000000077a91730 5 bytes JMP 0000000077bf02d0
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                   0000000077a91750 5 bytes JMP 0000000077bf0310
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                    0000000077a91790 5 bytes JMP 0000000077bf03c0
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                 0000000077a917e0 5 bytes JMP 0000000077bf03f0
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                    0000000077a91940 5 bytes JMP 0000000077bf0230
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort         0000000077a91b00 5 bytes JMP 0000000077bf0480
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject        0000000077a91b30 5 bytes JMP 0000000077bf03a0
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                 0000000077a91c10 5 bytes JMP 0000000077bf02f0
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion              0000000077a91c20 5 bytes JMP 0000000077bf0350
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                    0000000077a91c80 5 bytes JMP 0000000077bf0290
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                 0000000077a91d10 5 bytes JMP 0000000077bf02b0
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                  0000000077a91d30 5 bytes JMP 0000000077bf03d0
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                     0000000077a91d40 5 bytes JMP 0000000077bf0330
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess              0000000077a91db0 5 bytes JMP 0000000077bf0410
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                 0000000077a91de0 5 bytes JMP 0000000077bf0240
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                      0000000077a920a0 5 bytes JMP 0000000077bf01e0
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                 0000000077a92160 5 bytes JMP 0000000077bf0250
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                 0000000077a92190 5 bytes JMP 0000000077bf0490
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys        0000000077a921a0 5 bytes JMP 0000000077bf04a0
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                   0000000077a921d0 5 bytes JMP 0000000077bf0300
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                0000000077a921e0 5 bytes JMP 0000000077bf0360
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                      0000000077a92240 5 bytes JMP 0000000077bf02a0
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                   0000000077a92290 5 bytes JMP 0000000077bf02c0
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                      0000000077a922c0 5 bytes JMP 0000000077bf0380
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                       0000000077a922d0 5 bytes JMP 0000000077bf0340
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                0000000077a925c0 5 bytes JMP 0000000077bf0440
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder               0000000077a927c0 5 bytes JMP 0000000077bf0260
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                  0000000077a927d0 5 bytes JMP 0000000077bf0270
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                0000000077a927e0 5 bytes JMP 0000000077bf0400
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation            0000000077a929a0 5 bytes JMP 0000000077bf01f0
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState             0000000077a929b0 5 bytes JMP 0000000077bf0210
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                  0000000077a92a20 5 bytes JMP 0000000077bf0200
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                  0000000077a92a80 5 bytes JMP 0000000077bf0420
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                   0000000077a92a90 5 bytes JMP 0000000077bf0430
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl              0000000077a92aa0 5 bytes JMP 0000000077bf0220
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                      0000000077a92b80 5 bytes JMP 0000000077bf0280
.text   C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189           000000007797eecd 1 byte [62]
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                       0000000077c5c4dd 5 bytes JMP 00000001000301f8
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                     0000000077c61287 5 bytes JMP 00000001000303fc
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2756] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                          000000007761a2ba 1 byte [62]
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        0000000075d51465 2 bytes [D5, 75]
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                       0000000075d514bb 2 bytes [D5, 75]
.text   ...                                                                                                                                        * 2
.text   C:\Users\Emanuel\Desktop\FRST64.exe[4956] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            000000007797eecd 1 byte [62]
.text   C:\Users\Emanuel\Desktop\jcm3f2xb.exe[5992] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                          000000007761a2ba 1 byte [62]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [944:2620]                                                                                                 000007fef9ba44e0
Thread  C:\Windows\System32\svchost.exe [944:4636]                                                                                                 000007fef9fa88f8
Thread  C:\Windows\system32\svchost.exe [468:4388]                                                                                                 000007fef8231ab0
Thread  C:\Windows\system32\svchost.exe [1164:1692]                                                                                                000007fef9f5bd88
Thread  C:\Windows\system32\svchost.exe [1164:956]                                                                                                 000007fef8f65170
Thread  C:\Windows\system32\svchost.exe [1164:2456]                                                                                                000007fef9dd5124
Thread  C:\Windows\system32\svchost.exe [1164:1804]                                                                                                000007fef08e83d8
Thread  C:\Windows\system32\svchost.exe [1164:2596]                                                                                                000007fef08e83d8
Thread  C:\Windows\system32\svchost.exe [1164:3572]                                                                                                000007feefc73f1c
Thread  C:\Windows\system32\svchost.exe [1164:3524]                                                                                                000007feefc422b8
Thread  C:\Windows\system32\svchost.exe [1164:3544]                                                                                                000007feefc41a38
Thread  C:\Windows\system32\svchost.exe [1164:1724]                                                                                                000007fef0765388
Thread  C:\Windows\system32\svchost.exe [1164:852]                                                                                                 000007fef0747738
Thread  C:\Windows\system32\svchost.exe [1164:2744]                                                                                                000007fef0721f90
Thread  C:\Windows\System32\spoolsv.exe [1364:1268]                                                                                                000007fef8c810c8
Thread  C:\Windows\System32\spoolsv.exe [1364:1436]                                                                                                000007fef8c46144
Thread  C:\Windows\System32\spoolsv.exe [1364:960]                                                                                                 000007fef8a35fd0
Thread  C:\Windows\System32\spoolsv.exe [1364:1464]                                                                                                000007fef8a23438
Thread  C:\Windows\System32\spoolsv.exe [1364:1516]                                                                                                000007fef8a363ec
Thread  C:\Windows\System32\spoolsv.exe [1364:1292]                                                                                                000007fef8e15e5c
Thread  C:\Windows\System32\spoolsv.exe [1364:1276]                                                                                                000007fef8e45074
Thread  C:\Windows\System32\spoolsv.exe [1364:2128]                                                                                                000007fef8eb2288
Thread  C:\Windows\system32\wbem\wmiprvse.exe [1676:1680]                                                                                          000007fef8811c20
Thread  C:\Windows\system32\wbem\wmiprvse.exe [1676:4048]                                                                                          000007fef56de3c8

---- EOF - GMER 2.1 ----
         
Thanks


11.02.2014, 17:04   #6
schrauber
/// the machine
/// TB trainer
 




Our tools always need admin rights.


Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


11.02.2014, 19:32   #7
wauzz132
 



Code:
ComboFix 14-02-11.01 - Emanuel Standard 11.02.2014  19:17:47.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.1979.741 [GMT 1:00]
ausgeführt von:: c:\users\Emanuel\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-01-11 bis 2014-02-11  ))))))))))))))))))))))))))))))
.
.
2014-02-11 19:22 . 2014-02-11 19:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-02-11 18:21 . 2014-02-11 18:21	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7BF30F6D-0F7C-465D-9795-AF9A787796EB}\offreg.dll
2014-02-11 16:55 . 2014-02-11 18:55	--------	d-----w-	c:\users\Emanuel\AppData\Roaming\Skype
2014-02-11 16:55 . 2013-12-04 03:28	10315576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7BF30F6D-0F7C-465D-9795-AF9A787796EB}\mpengine.dll
2014-02-10 23:15 . 2014-02-10 23:15	--------	d-----w-	c:\program files (x86)\Common Files\Java
2014-02-10 23:15 . 2014-02-10 23:15	--------	d-----w-	c:\programdata\Oracle
2014-02-10 23:15 . 2014-02-10 23:14	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-10 23:14 . 2014-02-10 23:14	--------	d-----w-	c:\program files (x86)\Java
2014-02-10 23:04 . 2014-02-10 23:04	--------	d-----w-	c:\users\Emanuel Standard\AppData\Roaming\AVAST Software
2014-02-10 19:27 . 2014-02-10 19:30	--------	d-----w-	C:\FRST
2014-02-09 19:38 . 2014-02-09 19:38	--------	d-----w-	c:\users\Emanuel\AppData\Local\CrashDumps
2014-02-09 18:12 . 2014-02-09 18:12	--------	d-----w-	c:\users\Emanuel\AppData\Roaming\Ulead Systems
2014-02-09 18:12 . 2014-02-09 18:12	--------	d-----w-	c:\users\Emanuel\AppData\Roaming\Corel
2014-02-09 18:12 . 2014-02-09 18:12	--------	d-----w-	c:\users\Emanuel\AppData\Local\Corel PaintShop Pro
2014-02-09 18:08 . 2014-02-09 18:08	--------	d-----w-	c:\users\Emanuel Standard\AppData\Roaming\Ulead Systems
2014-02-09 18:08 . 2014-02-09 18:08	--------	d-----w-	c:\users\Emanuel Standard\AppData\Local\Corel PaintShop Pro
2014-02-09 18:07 . 2014-02-09 18:07	--------	d-----w-	c:\program files (x86)\Common Files\Protexis
2014-02-09 18:07 . 2014-02-09 18:07	--------	d-----w-	c:\programdata\Corel
2014-02-09 18:04 . 2014-02-09 18:04	--------	d-----w-	c:\program files (x86)\Corel
2014-01-19 16:06 . 2014-01-19 16:16	--------	d-----w-	c:\program files (x86)\PDF Blender
2014-01-19 02:24 . 2013-10-14 17:00	28368	----a-w-	c:\windows\system32\IEUDINIT.EXE
2014-01-16 20:08 . 2013-11-27 01:41	53248	----a-w-	c:\windows\system32\drivers\usbehci.sys
2014-01-16 20:08 . 2013-11-27 01:41	325120	----a-w-	c:\windows\system32\drivers\usbport.sys
2014-01-16 20:08 . 2013-11-27 01:41	343040	----a-w-	c:\windows\system32\drivers\usbhub.sys
2014-01-16 20:08 . 2013-11-27 01:41	99840	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2014-01-16 20:08 . 2013-11-27 01:41	25600	----a-w-	c:\windows\system32\drivers\usbohci.sys
2014-01-16 20:08 . 2013-11-27 01:41	30720	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2014-01-16 20:08 . 2013-11-27 01:41	7808	----a-w-	c:\windows\system32\drivers\usbd.sys
2014-01-16 20:08 . 2013-11-26 10:32	3156480	----a-w-	c:\windows\system32\win32k.sys
2014-01-16 20:08 . 2013-11-26 11:40	376768	----a-w-	c:\windows\system32\drivers\netio.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-05 16:03 . 2012-03-29 19:30	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-05 16:03 . 2011-05-17 20:28	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-31 18:53 . 2013-12-23 14:49	80184	----a-w-	c:\windows\system32\drivers\aswstm.sys
2014-01-31 18:53 . 2013-02-08 22:55	421704	----a-w-	c:\windows\system32\drivers\aswSP.sys
2014-01-31 18:53 . 2013-02-08 22:54	1038072	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2014-01-31 18:53 . 2013-02-08 22:54	78648	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-01-31 18:53 . 2013-02-08 22:54	334136	----a-w-	c:\windows\system32\aswBoot.exe
2014-01-31 18:53 . 2010-11-27 22:17	43152	----a-w-	c:\windows\avastSS.scr
2014-01-16 21:18 . 2009-12-21 07:35	86054176	----a-w-	c:\windows\system32\MRT.exe
2014-01-06 19:23 . 2014-01-06 19:23	4558848	----a-w-	c:\windows\SysWow64\GPhotos.scr
2013-12-23 14:48 . 2013-03-06 21:43	207904	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-12-18 05:13 . 2009-12-20 00:20	270496	------w-	c:\windows\system32\MpSigStub.exe
2013-12-07 17:44 . 2013-03-06 21:43	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-12-07 17:44 . 2013-02-08 22:54	92544	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-11-23 18:26 . 2013-12-12 18:46	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-12 18:46	465920	----a-w-	c:\windows\system32\WMPhoto.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:18	120104	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-17 825864]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-31 3767096]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-12-12 186408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Emanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2009-9-18 708608]
AutoDect.lnk - c:\windows\SysWOW64\SupportAppXL\AutoDect.exe [2011-12-6 128288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbmdm.sys [x]
R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbnmea.sys [x]
R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbser.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw1v64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 14:06	1211720	----a-w-	c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 16:03]
.
2014-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-27 22:18]
.
2014-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-27 22:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-31 18:53	287280	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:19	137512	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-06 7940128]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-06 1833504]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-29 824352]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-12 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-12 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-12 365592]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-01-15 200704]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-260493348-4011631922-2919077809-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*þÿÿÿ¨¯w¨¯w\ìe°¥Ð½]
"0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00,
   00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\
"MRUListEx"=hex:04,00,00,00,03,00,00,00,02,00,00,00,01,00,00,00,00,00,00,00,ff,
   ff,ff,ff
"1"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00,
   00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\
"2"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00,
   00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\
"3"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00,
   00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\
"4"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00,
   00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\
.
[HKEY_USERS\S-1-5-21-260493348-4011631922-2919077809-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*þÿÿÿ¨¯w¨¯w\ìeð§Ð½]
"0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00,
   00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-260493348-4011631922-2919077809-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*þÿÿÿ¨¯w¨¯w\ìe°¥Ð½]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-260493348-4011631922-2919077809-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*þÿÿÿ¨¯w¨¯w\ìe°¥Ð½\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-260493348-4011631922-2919077809-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*þÿÿÿ¨¯w¨¯w\ìeð§Ð½]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-260493348-4011631922-2919077809-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*þÿÿÿ¨¯w¨¯w\ìeð§Ð½\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-260493348-4011631922-2919077809-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*jpg*þÿÿÿ¨¯w¨¯w\ìe°¥Ð½]
"0"=hex:43,00,49,00,4d,00,47,00,36,00,33,00,37,00,34,00,6d,00,2e,00,6a,70,67,
   00,fe,ff,ff,ff,a8,af,11,77,a8,af,11,77,18,5c,ec,65,b0,a5,d0,bd,10,01,00,00,\
"MRUListEx"=hex:04,00,00,00,03,00,00,00,02,00,00,00,01,00,00,00,00,00,00,00,ff,
   ff,ff,ff
"1"=hex:43,00,49,00,4d,00,47,00,36,00,33,00,37,00,35,00,6d,00,2e,00,6a,70,67,
   00,fe,ff,ff,ff,a8,af,11,77,a8,af,11,77,18,5c,ec,65,b0,a5,d0,bd,10,01,00,00,\
"2"=hex:43,00,49,00,4d,00,47,00,36,00,33,00,37,00,37,00,6d,00,2e,00,6a,70,67,
   00,fe,ff,ff,ff,a8,af,11,77,a8,af,11,77,18,5c,ec,65,b0,a5,d0,bd,10,01,00,00,\
"3"=hex:43,00,49,00,4d,00,47,00,36,00,33,00,37,00,32,00,6d,00,32,00,2e,00,6a,
   70,67,00,fe,ff,ff,ff,a8,af,11,77,a8,af,11,77,18,5c,ec,65,b0,a5,d0,bd,10,01,\
"4"=hex:43,00,49,00,4d,00,47,00,36,00,33,00,37,00,32,00,6d,00,33,00,2e,00,6a,
   70,67,00,fe,ff,ff,ff,a8,af,11,77,a8,af,11,77,18,5c,ec,65,b0,a5,d0,bd,10,01,\
.
[HKEY_USERS\S-1-5-21-260493348-4011631922-2919077809-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*jpg*þÿÿÿ¨¯w¨¯w\ìeð§Ð½]
"0"=hex:43,00,49,00,4d,00,47,00,36,00,33,00,37,00,32,00,6d,00,2e,00,6a,70,67,
   00,fe,ff,ff,ff,a8,af,11,77,a8,af,11,77,18,5c,ec,65,f0,a7,d0,bd,10,01,00,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-260493348-4011631922-2919077809-1000_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-260493348-4011631922-2919077809-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-260493348-4011631922-2919077809-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-260493348-4011631922-2919077809-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-260493348-4011631922-2919077809-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}]
@DACL=(02 0000)
@="OpenDocument Format Filter"
.
[HKEY_USERS\S-1-5-21-260493348-4011631922-2919077809-1000_Classes\CLSID\{7BC0E713-5703-45BE-A29D-5D46D8B39262}]
@DACL=(02 0000)
@="OpenDocument Format Persistent Handler"
.
[HKEY_USERS\S-1-5-21-260493348-4011631922-2919077809-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}]
@DACL=(02 0000)
@="OpenOffice.org Property Handler"
.
[HKEY_USERS\S-1-5-21-260493348-4011631922-2919077809-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-02-11  20:27:45
ComboFix-quarantined-files.txt  2014-02-11 19:27
.
Vor Suchlauf: 16 Verzeichnis(se), 138.309.677.056 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 139.232.718.848 Bytes frei
.
- - End Of File - - 0B720234D636478D77CAB39F5BEE4CA1
A36C5E4F47E84449FF07ED3517B43A31
         
Thanks

Alt 12.02.2014, 17:10   #8
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 12.02.2014, 18:39   #9
wauzz132
 



MBAM did not save anything under "Log files" immediately after the scan. When I looked again later, I found only logs from 2012 (?)


AdwC
Code:
# AdwCleaner v3.018 - Bericht erstellt am 12/02/2014 um 18:57:36
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Emanuel Standard - EMANUEL-PC
# Gestartet von : C:\Users\Emanuel\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Emanuel\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Emanuel Standard\AppData\Local\PackageAware

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v32.0.1700.107

[ Datei : C:\Users\Emanuel\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Datei : C:\Users\Emanuel Standard\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2123 octets] - [12/02/2014 18:48:59]
AdwCleaner[S0].txt - [2006 octets] - [12/02/2014 18:57:36]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [2066 octets] ##########
         

JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by Emanuel Standard on 12.02.2014 at 19:06:17,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.02.2014 at 19:18:58,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014 01
Ran by Emanuel Standard (administrator) on EMANUEL-PC on 12-02-2014 19:23:55
Running from C:\Users\Emanuel\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
() C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.EXE
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) C:\Program Files (x86)\A1 Dashboard\Dashboard.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7940128 2009-07-06] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [824352 2009-08-29] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-08-06] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2008-01-15] ()
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [825864 2009-08-17] (Dritek System Inc.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-31] (AVAST Software)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-260493348-4011631922-2919077809-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-18] (Google Inc.)
HKU\S-1-5-21-260493348-4011631922-2919077809-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-260493348-4011631922-2919077809-1000\...\MountPoints2: D - D:\Autorun.exe
HKU\S-1-5-21-260493348-4011631922-2919077809-1000\...\MountPoints2: E - E:\Windows/AutoRun.exe
HKU\S-1-5-21-260493348-4011631922-2919077809-1000\...\MountPoints2: {52c1f3f7-e2fc-11e1-8275-001e6425277c} - D:\Autorun.exe
HKU\S-1-5-21-260493348-4011631922-2919077809-1000\...\MountPoints2: {c44e7087-f153-11de-b4a5-00269e6d05dc} - E:\LaunchU3.exe -a
HKU\S-1-5-21-260493348-4011631922-2919077809-1000\...\MountPoints2: {d42440c1-8fde-11e3-9d5a-00269e6d05dc} - E:\LaunchU3.exe -a
Startup: C:\Users\Emanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {3D3B42C2-11BF-4732-A304-A01384B70D68} hxxp://picasaweb.google.at/s/v/66.30/uploader2.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{85F828BB-E1B6-4D1B-B9C0-272561C1F5CF}: [NameServer]194.48.128.199 194.48.139.254

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (Docs) - C:\Users\Emanuel Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-01]
CHR Extension: (Google Drive) - C:\Users\Emanuel Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-01]
CHR Extension: (YouTube) - C:\Users\Emanuel Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-01]
CHR Extension: (Google-Suche) - C:\Users\Emanuel Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-01]
CHR Extension: (Skype Click to Call) - C:\Users\Emanuel Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-05-01]
CHR Extension: (Google Mail) - C:\Users\Emanuel Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-31] (AVAST Software)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-31] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-23] ()
S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [123648 2010-12-03] (D-Link Incorporated)
S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [123648 2010-12-03] (D-Link Incorporated)
S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [123648 2010-12-03] (D-Link Incorporated)
S3 int15.sys; C:\Windows\System32\OEM\Factory\int15.sys [17952 2008-03-28] (Acer, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-12 19:23 - 2014-02-12 19:23 - 00014011 _____ () C:\Users\Emanuel\Desktop\FRST.txt
2014-02-12 19:23 - 2014-02-12 19:23 - 00000000 ____D () C:\Users\Emanuel\Desktop\FRST-OlderVersion
2014-02-12 19:18 - 2014-02-12 19:18 - 00000636 _____ () C:\Users\Emanuel Standard\Desktop\JRT.txt
2014-02-12 19:06 - 2014-02-12 19:06 - 00000000 ____D () C:\Windows\ERUNT
2014-02-12 19:05 - 2014-02-12 19:05 - 01037530 _____ (Thisisu) C:\Users\Emanuel\Desktop\JRT.exe
2014-02-12 18:48 - 2014-02-12 18:57 - 00000000 ____D () C:\AdwCleaner
2014-02-12 18:45 - 2014-02-12 18:45 - 01166132 _____ () C:\Users\Emanuel\Desktop\adwcleaner.exe
2014-02-12 18:29 - 2014-02-12 18:29 - 00000000 ____D () C:\Users\Emanuel Standard\AppData\Roaming\Malwarebytes
2014-02-12 18:28 - 2014-02-12 18:28 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-12 18:28 - 2014-02-12 18:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-12 18:28 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-12 18:27 - 2014-02-12 18:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Emanuel\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-12 18:27 - 2014-02-12 18:27 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Emanuel\Desktop\mbam-setup-1.75.0.1300.exe.4l1sesc.partial
2014-02-11 20:27 - 2014-02-11 20:27 - 00024022 _____ () C:\ComboFix.txt
2014-02-11 19:14 - 2014-02-11 20:27 - 00000000 ____D () C:\Qoobox
2014-02-11 19:14 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-11 19:14 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-11 19:14 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-11 19:14 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-11 19:14 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-11 19:14 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-11 19:14 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-11 19:14 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-11 19:13 - 2014-02-11 20:23 - 00000000 ____D () C:\Windows\erdnt
2014-02-11 19:10 - 2014-02-11 19:10 - 05180278 ____R (Swearware) C:\Users\Emanuel\Desktop\ComboFix.exe
2014-02-11 17:55 - 2014-02-12 19:01 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Skype
2014-02-11 00:15 - 2014-02-11 00:15 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-11 00:15 - 2014-02-11 00:14 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-11 00:15 - 2014-02-11 00:14 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-11 00:15 - 2014-02-11 00:14 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-11 00:15 - 2014-02-11 00:14 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-11 00:14 - 2014-02-11 00:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-11 00:04 - 2014-02-11 00:04 - 00000000 ____D () C:\Users\Emanuel Standard\AppData\Roaming\AVAST Software
2014-02-10 20:32 - 2014-02-10 20:32 - 00380416 _____ () C:\Users\Emanuel\Desktop\jcm3f2xb.exe
2014-02-10 20:27 - 2014-02-12 19:23 - 02151424 _____ (Farbar) C:\Users\Emanuel\Desktop\FRST64.exe
2014-02-10 20:27 - 2014-02-12 19:23 - 00000000 ____D () C:\FRST
2014-02-10 20:25 - 2014-02-10 20:25 - 00000494 _____ () C:\Users\Emanuel\Desktop\defogger_disable.log
2014-02-10 20:25 - 2014-02-10 20:25 - 00000000 _____ () C:\Users\Emanuel Standard\defogger_reenable
2014-02-10 20:24 - 2014-02-10 20:25 - 00050477 _____ () C:\Users\Emanuel\Downloads\Defogger.exe
2014-02-09 20:38 - 2014-02-09 20:38 - 00000000 ____D () C:\Users\Emanuel\AppData\Local\CrashDumps
2014-02-09 19:15 - 2014-02-09 19:16 - 00014848 _____ () C:\Users\Emanuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\Documents\Corel PaintShop Pro
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Ulead Systems
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Corel
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\AppData\Local\Corel PaintShop Pro
2014-02-09 19:08 - 2014-02-09 19:08 - 00000000 ____D () C:\Users\Emanuel Standard\Documents\Corel PaintShop Pro
2014-02-09 19:08 - 2014-02-09 19:08 - 00000000 ____D () C:\Users\Emanuel Standard\AppData\Roaming\Ulead Systems
2014-02-09 19:08 - 2014-02-09 19:08 - 00000000 ____D () C:\Users\Emanuel Standard\AppData\Local\Corel PaintShop Pro
2014-02-09 19:07 - 2014-02-09 19:07 - 00000000 ____D () C:\ProgramData\Corel
2014-02-09 19:04 - 2014-02-09 19:04 - 00000000 ____D () C:\Program Files (x86)\Corel
2014-01-31 19:54 - 2014-01-31 19:54 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-19 20:19 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-19 20:19 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-19 20:19 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-01-19 20:19 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-01-19 20:19 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-19 20:19 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-01-19 20:19 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-19 20:19 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-19 20:19 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-19 20:19 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-19 20:19 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-19 20:19 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-19 20:19 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-01-19 20:19 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-01-19 20:19 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-19 20:19 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-19 20:19 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-01-19 20:19 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-19 20:19 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-19 20:19 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-01-19 20:19 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-01-19 20:19 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-19 20:19 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-19 20:19 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-01-19 20:19 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-01-19 20:19 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-19 20:19 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-19 20:19 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-19 20:19 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-19 20:19 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-01-19 20:19 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-01-19 17:27 - 2014-01-19 17:27 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-19 17:06 - 2014-01-19 17:16 - 00000000 ____D () C:\Program Files (x86)\PDF Blender
2014-01-19 17:05 - 2014-01-19 17:06 - 00599173 _____ () C:\Users\Emanuel\Downloads\PDFBlenderSetup1.1.2(1).exe
2014-01-19 17:05 - 2014-01-19 17:05 - 00599173 _____ () C:\Users\Emanuel\Downloads\PDFBlenderSetup1.1.2.exe
2014-01-19 03:24 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-01-19 03:17 - 2014-01-19 03:17 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-01-19 03:17 - 2014-01-19 03:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-01-19 03:17 - 2014-01-19 03:17 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-01-19 03:17 - 2014-01-19 03:17 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-01-19 03:17 - 2014-01-19 03:17 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-01-19 03:17 - 2014-01-19 03:17 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-01-19 03:17 - 2014-01-19 03:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-01-16 21:08 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 21:08 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 21:08 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 21:08 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 21:08 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 21:08 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 21:08 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 21:08 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 21:08 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2014-02-12 19:24 - 2014-02-12 19:23 - 00014011 _____ () C:\Users\Emanuel\Desktop\FRST.txt
2014-02-12 19:23 - 2014-02-12 19:23 - 00000000 ____D () C:\Users\Emanuel\Desktop\FRST-OlderVersion
2014-02-12 19:23 - 2014-02-10 20:27 - 02151424 _____ (Farbar) C:\Users\Emanuel\Desktop\FRST64.exe
2014-02-12 19:23 - 2014-02-10 20:27 - 00000000 ____D () C:\FRST
2014-02-12 19:20 - 2012-09-22 18:32 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-12 19:18 - 2014-02-12 19:18 - 00000636 _____ () C:\Users\Emanuel Standard\Desktop\JRT.txt
2014-02-12 19:08 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-12 19:08 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-12 19:06 - 2014-02-12 19:06 - 00000000 ____D () C:\Windows\ERUNT
2014-02-12 19:05 - 2014-02-12 19:05 - 01037530 _____ (Thisisu) C:\Users\Emanuel\Desktop\JRT.exe
2014-02-12 19:05 - 2012-09-22 18:32 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-12 19:03 - 2012-08-15 20:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-12 19:01 - 2014-02-11 17:55 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Skype
2014-02-12 19:00 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-12 18:59 - 2013-02-08 21:33 - 00020948 _____ () C:\Windows\setupact.log
2014-02-12 18:58 - 2013-02-08 21:35 - 01575083 _____ () C:\Windows\WindowsUpdate.log
2014-02-12 18:57 - 2014-02-12 18:48 - 00000000 ____D () C:\AdwCleaner
2014-02-12 18:45 - 2014-02-12 18:45 - 01166132 _____ () C:\Users\Emanuel\Desktop\adwcleaner.exe
2014-02-12 18:29 - 2014-02-12 18:29 - 00000000 ____D () C:\Users\Emanuel Standard\AppData\Roaming\Malwarebytes
2014-02-12 18:28 - 2014-02-12 18:28 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-12 18:28 - 2014-02-12 18:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-12 18:28 - 2014-02-12 18:27 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Emanuel\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-12 18:27 - 2014-02-12 18:27 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Emanuel\Desktop\mbam-setup-1.75.0.1300.exe.4l1sesc.partial
2014-02-12 17:32 - 2013-03-09 21:00 - 00094528 _____ () C:\Windows\PFRO.log
2014-02-11 20:27 - 2014-02-11 20:27 - 00024022 _____ () C:\ComboFix.txt
2014-02-11 20:27 - 2014-02-11 19:14 - 00000000 ____D () C:\Qoobox
2014-02-11 20:27 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-02-11 20:23 - 2014-02-11 19:13 - 00000000 ____D () C:\Windows\erdnt
2014-02-11 20:22 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-11 19:10 - 2014-02-11 19:10 - 05180278 ____R (Swearware) C:\Users\Emanuel\Desktop\ComboFix.exe
2014-02-11 17:53 - 2009-12-21 08:33 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Old_Skype
2014-02-11 17:50 - 2012-07-23 19:15 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-11 00:21 - 2009-07-14 06:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-11 00:21 - 2008-01-15 17:47 - 00654400 _____ () C:\Windows\system32\perfh007.dat
2014-02-11 00:21 - 2008-01-15 17:47 - 00130240 _____ () C:\Windows\system32\perfc007.dat
2014-02-11 00:16 - 2013-02-08 22:02 - 00000000 ____D () C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP
2014-02-11 00:15 - 2014-02-11 00:15 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-11 00:14 - 2014-02-11 00:15 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-11 00:14 - 2014-02-11 00:15 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-11 00:14 - 2014-02-11 00:15 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-11 00:14 - 2014-02-11 00:15 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-11 00:14 - 2014-02-11 00:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-11 00:04 - 2014-02-11 00:04 - 00000000 ____D () C:\Users\Emanuel Standard\AppData\Roaming\AVAST Software
2014-02-11 00:03 - 2012-08-09 19:17 - 00001425 _____ () C:\Users\Emanuel Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-10 20:32 - 2014-02-10 20:32 - 00380416 _____ () C:\Users\Emanuel\Desktop\jcm3f2xb.exe
2014-02-10 20:25 - 2014-02-10 20:25 - 00000494 _____ () C:\Users\Emanuel\Desktop\defogger_disable.log
2014-02-10 20:25 - 2014-02-10 20:25 - 00000000 _____ () C:\Users\Emanuel Standard\defogger_reenable
2014-02-10 20:25 - 2014-02-10 20:24 - 00050477 _____ () C:\Users\Emanuel\Downloads\Defogger.exe
2014-02-10 20:25 - 2012-08-09 19:16 - 00000000 ____D () C:\Users\Emanuel Standard
2014-02-09 20:38 - 2014-02-09 20:38 - 00000000 ____D () C:\Users\Emanuel\AppData\Local\CrashDumps
2014-02-09 20:02 - 2010-02-03 22:52 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\U3
2014-02-09 19:16 - 2014-02-09 19:15 - 00014848 _____ () C:\Users\Emanuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\Documents\Corel PaintShop Pro
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Ulead Systems
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Corel
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\AppData\Local\Corel PaintShop Pro
2014-02-09 19:08 - 2014-02-09 19:08 - 00000000 ____D () C:\Users\Emanuel Standard\Documents\Corel PaintShop Pro
2014-02-09 19:08 - 2014-02-09 19:08 - 00000000 ____D () C:\Users\Emanuel Standard\AppData\Roaming\Ulead Systems
2014-02-09 19:08 - 2014-02-09 19:08 - 00000000 ____D () C:\Users\Emanuel Standard\AppData\Local\Corel PaintShop Pro
2014-02-09 19:07 - 2014-02-09 19:07 - 00000000 ____D () C:\ProgramData\Corel
2014-02-09 19:04 - 2014-02-09 19:04 - 00000000 ____D () C:\Program Files (x86)\Corel
2014-02-05 17:03 - 2012-03-29 20:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 17:03 - 2012-03-29 20:30 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 17:03 - 2011-05-17 21:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-31 19:54 - 2014-01-31 19:54 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-31 19:53 - 2013-12-23 15:49 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-31 19:53 - 2013-02-08 23:55 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-31 19:53 - 2013-02-08 23:54 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-31 19:53 - 2013-02-08 23:54 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-31 19:53 - 2013-02-08 23:54 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-31 19:53 - 2010-11-27 23:17 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-31 19:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-01-20 20:56 - 2013-12-15 20:17 - 00000000 ____D () C:\Users\Emanuel\Documents\Bewerbung
2014-01-20 18:45 - 2011-12-06 19:58 - 00000000 ____D () C:\Program Files (x86)\D-Link Connection Manager
2014-01-19 17:27 - 2014-01-19 17:27 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-19 17:16 - 2014-01-19 17:06 - 00000000 ____D () C:\Program Files (x86)\PDF Blender
2014-01-19 17:06 - 2014-01-19 17:05 - 00599173 _____ () C:\Users\Emanuel\Downloads\PDFBlenderSetup1.1.2(1).exe
2014-01-19 17:05 - 2014-01-19 17:05 - 00599173 _____ () C:\Users\Emanuel\Downloads\PDFBlenderSetup1.1.2.exe
2014-01-19 12:27 - 2011-07-25 17:53 - 00001425 _____ () C:\Users\Emanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-19 12:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-01-19 03:24 - 2013-12-07 18:25 - 00130254 _____ () C:\Windows\IE11_main.log
2014-01-19 03:17 - 2014-01-19 03:17 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-01-19 03:17 - 2014-01-19 03:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-01-19 03:17 - 2014-01-19 03:17 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-01-19 03:17 - 2014-01-19 03:17 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-01-19 03:17 - 2014-01-19 03:17 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-01-19 03:17 - 2014-01-19 03:17 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-01-19 03:17 - 2014-01-19 03:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-01-17 20:29 - 2009-07-14 05:45 - 00369056 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-16 22:22 - 2013-07-31 06:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 22:18 - 2009-12-21 08:35 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Emanuel Standard\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-31 18:57

==================== End Of Log ============================
         


Thanks

Alt 13.02.2014, 20:35   #10
schrauber
/// the machine
/// TB-Ausbilder
 


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 14.02.2014, 06:35   #11
wauzz132
 

Thanks - I have no problems to report, apart from Skype, which for a few days has been reporting the ominous Disk I/O error, but I assume that is unrelated.

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=11c6e98b579c9d44a680c570e2b88e4c
# engine=17063
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-13 09:12:57
# local_time=2014-02-13 10:12:57 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 77 809008 1135206 0 0
# compatibility_mode=5893 16776573 100 94 175174 143955827 0 0
# scanned=5830
# found=0
# cleaned=0
# scan_time=592
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=11c6e98b579c9d44a680c570e2b88e4c
# engine=17063
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-13 11:32:28
# local_time=2014-02-14 12:32:28 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 77 817379 1143577 0 0
# compatibility_mode=5893 16776573 100 94 183545 143964198 0 0
# scanned=197813
# found=1
# cleaned=0
# scan_time=8246
sh=977551BB022C3E3AC6B03FDB3875CFC416ABD0CA ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2423.Q trojan" ac=I fn="C:\Users\Emanuel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\58f46385-4eced4b3"
         

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 JavaFX 2.1.1    
 Java 7 Update 51  
 Adobe Flash Player 11.9.900.170  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (26.0) 
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.107  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         


FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by Emanuel Standard (administrator) on EMANUEL-PC on 14-02-2014 07:20:49
Running from C:\Users\Emanuel\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
() C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) C:\Program Files (x86)\A1 Dashboard\Dashboard.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7940128 2009-07-06] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [824352 2009-08-29] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-08-06] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2008-01-15] ()
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [825864 2009-08-17] (Dritek System Inc.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-31] (AVAST Software)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-260493348-4011631922-2919077809-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-18] (Google Inc.)
HKU\S-1-5-21-260493348-4011631922-2919077809-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20728480 2014-01-14] (Skype Technologies S.A.)
HKU\S-1-5-21-260493348-4011631922-2919077809-1000\...\MountPoints2: D - D:\Autorun.exe
HKU\S-1-5-21-260493348-4011631922-2919077809-1000\...\MountPoints2: E - E:\Windows/AutoRun.exe
HKU\S-1-5-21-260493348-4011631922-2919077809-1000\...\MountPoints2: {52c1f3f7-e2fc-11e1-8275-001e6425277c} - D:\Autorun.exe
HKU\S-1-5-21-260493348-4011631922-2919077809-1000\...\MountPoints2: {c44e7087-f153-11de-b4a5-00269e6d05dc} - E:\LaunchU3.exe -a
HKU\S-1-5-21-260493348-4011631922-2919077809-1000\...\MountPoints2: {d42440c1-8fde-11e3-9d5a-00269e6d05dc} - E:\LaunchU3.exe -a
HKU\S-1-5-21-260493348-4011631922-2919077809-1003\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20728480 2014-01-14] (Skype Technologies S.A.)
Startup: C:\Users\Emanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {3D3B42C2-11BF-4732-A304-A01384B70D68} hxxp://picasaweb.google.at/s/v/66.30/uploader2.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{85F828BB-E1B6-4D1B-B9C0-272561C1F5CF}: [NameServer]194.48.128.199 194.48.139.254

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (Docs) - C:\Users\Emanuel Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-01]
CHR Extension: (Google Drive) - C:\Users\Emanuel Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-01]
CHR Extension: (YouTube) - C:\Users\Emanuel Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-01]
CHR Extension: (Google-Suche) - C:\Users\Emanuel Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-01]
CHR Extension: (Skype Click to Call) - C:\Users\Emanuel Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-05-01]
CHR Extension: (Google Mail) - C:\Users\Emanuel Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-01]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-31] (AVAST Software)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-31] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-23] ()
S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [123648 2010-12-03] (D-Link Incorporated)
S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [123648 2010-12-03] (D-Link Incorporated)
S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [123648 2010-12-03] (D-Link Incorporated)
S3 int15.sys; C:\Windows\System32\OEM\Factory\int15.sys [17952 2008-03-28] (Acer, Inc.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-14 07:19 - 2014-02-14 07:19 - 00000971 _____ () C:\Users\Emanuel Standard\Desktop\checkup.txt
2014-02-14 07:18 - 2014-02-14 07:19 - 00000000 ____D () C:\Users\Emanuel Standard\AppData\Roaming\Notepad++
2014-02-14 07:15 - 2014-02-14 07:15 - 00987425 _____ () C:\Users\Emanuel\Desktop\SecurityCheck.exe
2014-02-13 21:59 - 2014-02-13 21:59 - 02347384 _____ (ESET) C:\Users\Emanuel\Desktop\esetsmartinstaller_enu.exe
2014-02-13 20:43 - 2014-02-13 20:44 - 00000000 ____D () C:\Users\Emanuel\Desktop\skype chat
2014-02-13 20:36 - 2014-02-13 20:36 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-13 20:36 - 2014-02-13 20:36 - 00000000 ____D () C:\Users\Emanuel\AppData\Local\Skype
2014-02-13 18:09 - 2014-02-13 18:09 - 00003136 _____ () C:\Windows\System32\Tasks\{A619DC59-2CCE-4E08-92EA-A90CCB513348}
2014-02-12 22:58 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 22:58 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 22:57 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 22:57 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 22:57 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 22:57 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 22:57 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 22:57 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 22:57 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 22:57 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 22:57 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 22:57 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 22:57 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 22:57 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 22:57 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 22:57 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 22:57 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 22:57 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 22:57 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 22:57 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 22:57 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 22:57 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 22:57 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 22:57 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 22:57 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 22:56 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 22:56 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 22:56 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 22:56 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 22:56 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 22:56 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 22:56 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 22:56 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 22:56 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 22:56 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 22:56 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 22:56 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 22:56 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 22:56 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 22:56 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 22:56 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 19:23 - 2014-02-14 07:20 - 00013758 _____ () C:\Users\Emanuel\Desktop\FRST.txt
2014-02-12 19:23 - 2014-02-14 07:20 - 00000000 ____D () C:\Users\Emanuel\Desktop\FRST-OlderVersion
2014-02-12 19:18 - 2014-02-12 19:18 - 00000636 _____ () C:\Users\Emanuel Standard\Desktop\JRT.txt
2014-02-12 19:06 - 2014-02-12 19:06 - 00000000 ____D () C:\Windows\ERUNT
2014-02-12 19:05 - 2014-02-12 19:05 - 01037530 _____ (Thisisu) C:\Users\Emanuel\Desktop\JRT.exe
2014-02-12 18:48 - 2014-02-12 18:57 - 00000000 ____D () C:\AdwCleaner
2014-02-12 18:45 - 2014-02-12 18:45 - 01166132 _____ () C:\Users\Emanuel\Desktop\adwcleaner.exe
2014-02-12 18:29 - 2014-02-12 18:29 - 00000000 ____D () C:\Users\Emanuel Standard\AppData\Roaming\Malwarebytes
2014-02-12 18:28 - 2014-02-12 18:28 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-12 18:28 - 2014-02-12 18:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-12 18:28 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-12 18:27 - 2014-02-12 18:27 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Emanuel\Desktop\mbam-setup-1.75.0.1300.exe.4l1sesc.partial
2014-02-12 18:03 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 18:03 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 18:03 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 18:03 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 18:03 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 18:03 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 18:02 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 18:02 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 18:02 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 18:02 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 18:02 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 18:02 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 18:02 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 18:02 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 18:02 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 18:02 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 18:02 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 18:02 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 18:02 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 18:02 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 18:02 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 18:02 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 18:02 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 18:02 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 18:02 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 18:02 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 18:02 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 18:02 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 20:27 - 2014-02-11 20:27 - 00024022 _____ () C:\ComboFix.txt
2014-02-11 19:14 - 2014-02-11 20:27 - 00000000 ____D () C:\Qoobox
2014-02-11 19:14 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-11 19:14 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-11 19:14 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-11 19:14 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-11 19:14 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-11 19:14 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-11 19:14 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-11 19:14 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-11 19:13 - 2014-02-11 20:23 - 00000000 ____D () C:\Windows\erdnt
2014-02-11 19:10 - 2014-02-11 19:10 - 05180278 ____R (Swearware) C:\Users\Emanuel\Desktop\ComboFix.exe
2014-02-11 17:55 - 2014-02-13 21:14 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Skype
2014-02-11 00:15 - 2014-02-11 00:15 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-11 00:15 - 2014-02-11 00:14 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-11 00:15 - 2014-02-11 00:14 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-11 00:15 - 2014-02-11 00:14 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-11 00:15 - 2014-02-11 00:14 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-11 00:14 - 2014-02-11 00:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-11 00:04 - 2014-02-11 00:04 - 00000000 ____D () C:\Users\Emanuel Standard\AppData\Roaming\AVAST Software
2014-02-10 20:32 - 2014-02-10 20:32 - 00380416 _____ () C:\Users\Emanuel\Desktop\jcm3f2xb.exe
2014-02-10 20:27 - 2014-02-14 07:20 - 02152960 _____ (Farbar) C:\Users\Emanuel\Desktop\FRST64.exe
2014-02-10 20:27 - 2014-02-14 07:20 - 00000000 ____D () C:\FRST
2014-02-10 20:25 - 2014-02-10 20:25 - 00000000 _____ () C:\Users\Emanuel Standard\defogger_reenable
2014-02-10 20:24 - 2014-02-10 20:25 - 00050477 _____ () C:\Users\Emanuel\Downloads\Defogger.exe
2014-02-09 20:38 - 2014-02-12 21:01 - 00000000 ____D () C:\Users\Emanuel\AppData\Local\CrashDumps
2014-02-09 19:15 - 2014-02-09 19:16 - 00014848 _____ () C:\Users\Emanuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\Documents\Corel PaintShop Pro
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Ulead Systems
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Corel
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\AppData\Local\Corel PaintShop Pro
2014-02-09 19:08 - 2014-02-09 19:08 - 00000000 ____D () C:\Users\Emanuel Standard\Documents\Corel PaintShop Pro
2014-02-09 19:08 - 2014-02-09 19:08 - 00000000 ____D () C:\Users\Emanuel Standard\AppData\Roaming\Ulead Systems
2014-02-09 19:08 - 2014-02-09 19:08 - 00000000 ____D () C:\Users\Emanuel Standard\AppData\Local\Corel PaintShop Pro
2014-02-09 19:07 - 2014-02-09 19:07 - 00000000 ____D () C:\ProgramData\Corel
2014-02-09 19:04 - 2014-02-09 19:04 - 00000000 ____D () C:\Program Files (x86)\Corel
2014-01-31 19:54 - 2014-01-31 19:54 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-19 17:27 - 2014-01-19 17:27 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-19 17:06 - 2014-01-19 17:16 - 00000000 ____D () C:\Program Files (x86)\PDF Blender
2014-01-19 17:05 - 2014-01-19 17:06 - 00599173 _____ () C:\Users\Emanuel\Downloads\PDFBlenderSetup1.1.2(1).exe
2014-01-19 17:05 - 2014-01-19 17:05 - 00599173 _____ () C:\Users\Emanuel\Downloads\PDFBlenderSetup1.1.2.exe
2014-01-19 03:24 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-01-19 03:17 - 2014-01-19 03:17 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-01-19 03:17 - 2014-01-19 03:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-01-19 03:17 - 2014-01-19 03:17 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-01-19 03:17 - 2014-01-19 03:17 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-01-19 03:17 - 2014-01-19 03:17 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-01-19 03:17 - 2014-01-19 03:17 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-01-19 03:17 - 2014-01-19 03:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-01-16 21:08 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 21:08 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 21:08 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 21:08 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 21:08 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 21:08 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 21:08 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 21:08 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 21:08 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2014-02-14 07:21 - 2014-02-12 19:23 - 00013758 _____ () C:\Users\Emanuel\Desktop\FRST.txt
2014-02-14 07:20 - 2014-02-12 19:23 - 00000000 ____D () C:\Users\Emanuel\Desktop\FRST-OlderVersion
2014-02-14 07:20 - 2014-02-10 20:27 - 02152960 _____ (Farbar) C:\Users\Emanuel\Desktop\FRST64.exe
2014-02-14 07:20 - 2014-02-10 20:27 - 00000000 ____D () C:\FRST
2014-02-14 07:19 - 2014-02-14 07:19 - 00000971 _____ () C:\Users\Emanuel Standard\Desktop\checkup.txt
2014-02-14 07:19 - 2014-02-14 07:18 - 00000000 ____D () C:\Users\Emanuel Standard\AppData\Roaming\Notepad++
2014-02-14 07:15 - 2014-02-14 07:15 - 00987425 _____ () C:\Users\Emanuel\Desktop\SecurityCheck.exe
2014-02-14 07:05 - 2012-09-22 18:32 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-14 07:03 - 2012-08-15 20:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-14 07:00 - 2013-02-08 21:35 - 01925667 _____ () C:\Windows\WindowsUpdate.log
2014-02-14 01:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-13 21:59 - 2014-02-13 21:59 - 02347384 _____ (ESET) C:\Users\Emanuel\Desktop\esetsmartinstaller_enu.exe
2014-02-13 21:14 - 2014-02-11 17:55 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Skype
2014-02-13 20:45 - 2009-12-21 08:33 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Old_Skype
2014-02-13 20:44 - 2014-02-13 20:43 - 00000000 ____D () C:\Users\Emanuel\Desktop\skype chat
2014-02-13 20:36 - 2014-02-13 20:36 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-13 20:36 - 2014-02-13 20:36 - 00000000 ____D () C:\Users\Emanuel\AppData\Local\Skype
2014-02-13 20:36 - 2009-12-21 08:33 - 00000000 ____D () C:\ProgramData\Skype
2014-02-13 19:05 - 2012-09-22 18:32 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-13 18:44 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-13 18:44 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-13 18:36 - 2013-02-08 21:33 - 00021060 _____ () C:\Windows\setupact.log
2014-02-13 18:36 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-13 18:09 - 2014-02-13 18:09 - 00003136 _____ () C:\Windows\System32\Tasks\{A619DC59-2CCE-4E08-92EA-A90CCB513348}
2014-02-12 23:13 - 2009-07-14 06:13 - 01520734 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-12 23:13 - 2008-01-15 17:47 - 00654400 _____ () C:\Windows\system32\perfh007.dat
2014-02-12 23:13 - 2008-01-15 17:47 - 00130240 _____ () C:\Windows\system32\perfc007.dat
2014-02-12 21:01 - 2014-02-09 20:38 - 00000000 ____D () C:\Users\Emanuel\AppData\Local\CrashDumps
2014-02-12 19:18 - 2014-02-12 19:18 - 00000636 _____ () C:\Users\Emanuel Standard\Desktop\JRT.txt
2014-02-12 19:06 - 2014-02-12 19:06 - 00000000 ____D () C:\Windows\ERUNT
2014-02-12 19:05 - 2014-02-12 19:05 - 01037530 _____ (Thisisu) C:\Users\Emanuel\Desktop\JRT.exe
2014-02-12 18:57 - 2014-02-12 18:48 - 00000000 ____D () C:\AdwCleaner
2014-02-12 18:45 - 2014-02-12 18:45 - 01166132 _____ () C:\Users\Emanuel\Desktop\adwcleaner.exe
2014-02-12 18:29 - 2014-02-12 18:29 - 00000000 ____D () C:\Users\Emanuel Standard\AppData\Roaming\Malwarebytes
2014-02-12 18:28 - 2014-02-12 18:28 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-12 18:28 - 2014-02-12 18:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-12 18:27 - 2014-02-12 18:27 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Emanuel\Desktop\mbam-setup-1.75.0.1300.exe.4l1sesc.partial
2014-02-12 17:32 - 2013-03-09 21:00 - 00094528 _____ () C:\Windows\PFRO.log
2014-02-11 20:27 - 2014-02-11 20:27 - 00024022 _____ () C:\ComboFix.txt
2014-02-11 20:27 - 2014-02-11 19:14 - 00000000 ____D () C:\Qoobox
2014-02-11 20:27 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-02-11 20:23 - 2014-02-11 19:13 - 00000000 ____D () C:\Windows\erdnt
2014-02-11 20:22 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-11 19:10 - 2014-02-11 19:10 - 05180278 ____R (Swearware) C:\Users\Emanuel\Desktop\ComboFix.exe
2014-02-11 17:50 - 2012-07-23 19:15 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-11 00:16 - 2013-02-08 22:02 - 00000000 ____D () C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP
2014-02-11 00:15 - 2014-02-11 00:15 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-11 00:14 - 2014-02-11 00:15 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-11 00:14 - 2014-02-11 00:15 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-11 00:14 - 2014-02-11 00:15 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-11 00:14 - 2014-02-11 00:15 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-11 00:14 - 2014-02-11 00:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-11 00:04 - 2014-02-11 00:04 - 00000000 ____D () C:\Users\Emanuel Standard\AppData\Roaming\AVAST Software
2014-02-11 00:03 - 2012-08-09 19:17 - 00001425 _____ () C:\Users\Emanuel Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-10 20:32 - 2014-02-10 20:32 - 00380416 _____ () C:\Users\Emanuel\Desktop\jcm3f2xb.exe
2014-02-10 20:25 - 2014-02-10 20:25 - 00000000 _____ () C:\Users\Emanuel Standard\defogger_reenable
2014-02-10 20:25 - 2014-02-10 20:24 - 00050477 _____ () C:\Users\Emanuel\Downloads\Defogger.exe
2014-02-10 20:25 - 2012-08-09 19:16 - 00000000 ____D () C:\Users\Emanuel Standard
2014-02-09 20:02 - 2010-02-03 22:52 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\U3
2014-02-09 19:16 - 2014-02-09 19:15 - 00014848 _____ () C:\Users\Emanuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\Documents\Corel PaintShop Pro
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Ulead Systems
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Corel
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\AppData\Local\Corel PaintShop Pro
2014-02-09 19:08 - 2014-02-09 19:08 - 00000000 ____D () C:\Users\Emanuel Standard\Documents\Corel PaintShop Pro
2014-02-09 19:08 - 2014-02-09 19:08 - 00000000 ____D () C:\Users\Emanuel Standard\AppData\Roaming\Ulead Systems
2014-02-09 19:08 - 2014-02-09 19:08 - 00000000 ____D () C:\Users\Emanuel Standard\AppData\Local\Corel PaintShop Pro
2014-02-09 19:07 - 2014-02-09 19:07 - 00000000 ____D () C:\ProgramData\Corel
2014-02-09 19:04 - 2014-02-09 19:04 - 00000000 ____D () C:\Program Files (x86)\Corel
2014-02-06 13:16 - 2014-02-12 22:57 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-12 22:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-12 22:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-12 22:56 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-12 22:57 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-12 22:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-12 22:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-12 22:57 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-12 22:57 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-12 22:57 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-12 22:57 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:48 - 2014-02-12 22:56 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:38 - 2014-02-12 22:56 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-12 22:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-12 22:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-12 22:57 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-12 22:56 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-12 22:57 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-12 22:57 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 22:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:57 - 2014-02-12 22:56 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:52 - 2014-02-12 22:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-12 22:57 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-12 22:56 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-12 22:57 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-12 22:57 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-12 22:57 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-12 22:57 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:25 - 2014-02-12 22:56 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:24 - 2014-02-12 22:56 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-12 22:56 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-12 22:57 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-12 22:56 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-12 22:56 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-12 22:56 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-12 22:56 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-12 22:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-12 22:56 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-12 22:56 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 17:03 - 2012-03-29 20:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 17:03 - 2012-03-29 20:30 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 17:03 - 2011-05-17 21:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-31 19:54 - 2014-01-31 19:54 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-31 19:53 - 2013-12-23 15:49 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-31 19:53 - 2013-02-08 23:55 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-31 19:53 - 2013-02-08 23:54 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-31 19:53 - 2013-02-08 23:54 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-31 19:53 - 2013-02-08 23:54 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-31 19:53 - 2010-11-27 23:17 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-20 20:56 - 2013-12-15 20:17 - 00000000 ____D () C:\Users\Emanuel\Documents\Bewerbung
2014-01-20 18:45 - 2011-12-06 19:58 - 00000000 ____D () C:\Program Files (x86)\D-Link Connection Manager
2014-01-19 17:27 - 2014-01-19 17:27 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-19 17:16 - 2014-01-19 17:06 - 00000000 ____D () C:\Program Files (x86)\PDF Blender
2014-01-19 17:06 - 2014-01-19 17:05 - 00599173 _____ () C:\Users\Emanuel\Downloads\PDFBlenderSetup1.1.2(1).exe
2014-01-19 17:05 - 2014-01-19 17:05 - 00599173 _____ () C:\Users\Emanuel\Downloads\PDFBlenderSetup1.1.2.exe
2014-01-19 12:27 - 2011-07-25 17:53 - 00001425 _____ () C:\Users\Emanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-19 12:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-01-19 03:24 - 2013-12-07 18:25 - 00130254 _____ () C:\Windows\IE11_main.log
2014-01-19 03:17 - 2014-01-19 03:17 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-01-19 03:17 - 2014-01-19 03:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-01-19 03:17 - 2014-01-19 03:17 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-01-19 03:17 - 2014-01-19 03:17 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-01-19 03:17 - 2014-01-19 03:17 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-01-19 03:17 - 2014-01-19 03:17 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-01-19 03:17 - 2014-01-19 03:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-01-17 20:29 - 2009-07-14 05:45 - 00369056 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-16 22:22 - 2013-07-31 06:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 22:18 - 2009-12-21 08:35 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Emanuel Standard\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-14 01:00

==================== End Of Log ============================
         
--- --- ---

15.02.2014, 08:30   #12
schrauber
/// the machine
/// TB trainer

Update Adobe. Have you already tried reinstalling Skype?


Please download TFC (by Oldtimer) and save the file to your desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.


Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can delete them without hesitation.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows Updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    A short introduction can be found here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!
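
An added example, not part of schrauber's post: a small Python check for the file-extension tip above (deinFoto.jpg.exe), classifying attachment names by what Windows would do with them on a double-click. The extension sets, function names and all sample names except deinFoto.jpg.exe and quittung2014.05.02.rtf are assumptions constructed for illustration.

```python
import re

# Assumed, non-exhaustive sets chosen for this example.
# Types that Windows runs directly on a double-click.
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "jar", "lnk"}
# Harmless-looking types that a name can show in front of the real extension.
DECOY = {"pdf", "jpg", "jpeg", "png", "gif", "doc", "docx",
         "xls", "xlsx", "rtf", "txt", "zip"}
# Containers: the name says nothing about what is inside.
ARCHIVE = {"zip", "rar", "7z"}


def classify_attachment(name):
    """Classify an attachment by its file name only.

    Returns one of:
      'disguised-executable'  executable whose name ends in a decoy type
      'executable'            plain executable extension
      'archive'               container, contents must be checked separately
      'document'              no executable extension (not proof of safety)
      'no-extension'          nothing after a final dot
    """
    # Drop any directory part, then split off the final extension,
    # which is the one Windows actually acts on.
    base = re.split(r"[\\/]", name.strip())[-1]
    stem, dot, ext = base.rpartition(".")
    if not dot:
        return "no-extension"
    ext = ext.strip().lower()

    if ext in EXECUTABLE:
        # Look at the last word of the remaining name. Splitting on dots,
        # spaces, underscores and hyphens catches both "x.pdf.exe" and
        # "x pdf.exe"; lower-casing catches "x.PDF.exe".
        tokens = [t for t in re.split(r"[.\s_-]+", stem.lower()) if t]
        if tokens and tokens[-1] in DECOY:
            return "disguised-executable"
        return "executable"
    if ext in ARCHIVE:
        return "archive"
    return "document"


def triage(names):
    """Return {name: verdict} for a list of attachment names."""
    return {n: classify_attachment(n) for n in names}


# Sample input. The first two names appear in this thread; the rest are
# constructed for this example.
SAMPLES = [
    "deinFoto.jpg.exe",
    "quittung2014.05.02.rtf",
    "Rechnung.11.08.13.PDF.exe",
    "Rechnung pdf.exe",
    "Rechnung.exe",
    "Rechnung.zip",
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{verdict:22} {name}")
```

The attachment named in the first post of this thread, quittung2014.05.02.rtf, comes out as a plain document, so a file-name check on its own would not have flagged it.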

17.02.2014, 16:45   #13
wauzz132

Great, thank you very much!!!

After running TFC there was no automatic restart, but afterwards I could no longer start the Internet (via stick) and had to restart Windows. While shutting down, the system hung and I had to help it along manually (on/off switch).
After that, though, everything was OK again.
I have updated Adobe; reinstalling Skype brought no improvement.

18.02.2014, 11:38   #14
schrauber
/// the machine
/// TB trainer

OK, what exactly is still wrong with Skype now?
__________________
Regards,
schrauber

18.02.2014, 17:22   #15
wauzz132

This has now been resolved and it works again after deleting the Db Temp folder

Thanks
