
Log analysis and evaluation: Windows 7: Yawtix ads

11.08.2014, 23:49   #1
Change
 

Hello,

since yesterday I have noticed strange things happening in my Firefox.
Odd page rankings appeared as ad pop-ups, and whenever I selected text, tooltips appeared for searching or forwarding to Google, Facebook, etc.

The name Yawtix was always shown.

I followed the instructions thread to the letter:
http://www.trojaner-board.de/69886-a...tml#post566999

I ran all the scans, and afterwards I also ran MBAM over the system, which found 8 objects (all with Yawtix in the name).
I moved these to quarantine and MBAM said the PC was clean.

Afterwards I ran the scanners once more and would now like to know whether my PC is completely clean.

Attached are the log files from both before and after the MBAM intervention, depending on which ones you need to help me.

Oh, and GMER spat out the following error on startup:
Quote:
C:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
And during the scan there were also 2 error messages:
Quote:
C:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
and
C:\User\Jonas\ntuser.dat: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

One more side question:
Do drivers that may have been disabled by defogger have to be re-enabled later (on instruction), or does a PC restart take care of that automatically?


Many, many thanks in advance!

12.08.2014, 04:50   #2
schrauber
/// the machine
/// TB trainer
 


Hi,

please always post logs in the thread. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

Here's how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

12.08.2014, 09:48   #3
Change
 

Hello,

thank you very much for your quick reply.
It's just that there are 11 logs, some of them very large... if I post them all in here split up, I think you'll completely lose track...

If I should do it anyway, please let me know briefly ;-)

12.08.2014, 18:04   #4
schrauber
 


FRST.txt and Addition.txt are enough for now
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

12.08.2014, 18:47   #5
Change
 

From before or after the MBAM cleanup, or both?

Best regards


12.08.2014, 18:54   #6
schrauber
 


The current ones, please

12.08.2014, 20:17   #7
Change
 

All right.

FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01
Ran by Jonas (administrator) on JONAS-PC on 12-08-2014 00:36:12
Running from C:\Users\Jonas\Desktop\Scan
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) D:\Program Files (x86)\VMWare\vmware-authd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
() D:\Program Files (x86)\VMWare\vmware-hostd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(shbox.de) D:\Programme 32\FreePDF_XP\fpassist.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-06] (Intel Corporation)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [FreePDF Assistant] => D:\Programme 32\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2447308508-773045781-2490511535-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2447308508-773045781-2490511535-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-2447308508-773045781-2490511535-1000\...\MountPoints2: {1dc98824-26f0-11e3-b095-94de80b85b53} - G:\autorun.exe
HKU\S-1-5-21-2447308508-773045781-2490511535-1000\...\MountPoints2: {a192af66-fc43-11e3-93fe-94de80b85b53} - G:\setup.exe
HKU\S-1-5-21-2447308508-773045781-2490511535-1000\...\MountPoints2: {f61e4471-fcac-11e3-af77-94de80b85b53} - G:\AoKSetup.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} =>  No File
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} =>  No File
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x56C9E06BEEBACE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/androidnews/
StartMenuInternet: IEXPLORE.EXE - D:\Programme\Internet Explorer\iexplore.exe
BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\hurdl8zv.default
FF Homepage: hxxp://google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> D:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> D:\Programme\VLC Player\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> D:\Programme\VLC Player\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> D:\Programme\VLC Player\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jonas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF user.js: detected! => C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\hurdl8zv.default\user.js
FF Extension: Battlefield Play4Free - C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\hurdl8zv.default\Extensions\battlefieldplay4free@ea.com [2013-11-27]
FF Extension: Html Validator - C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\hurdl8zv.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [2014-06-16]
FF Extension: Firebug - C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\hurdl8zv.default\Extensions\firebug@software.joehewitt.com.xpi [2013-09-26]
FF Extension: Ghostery - C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\hurdl8zv.default\Extensions\firefox@ghostery.com.xpi [2014-01-20]
FF Extension: Firepicker - C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\hurdl8zv.default\Extensions\firepicker@thedarkone.xpi [2013-12-03]
FF Extension: {3b49186e-e6b2-4341-903b-93de5bf62889} - C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\hurdl8zv.default\Extensions\{3b49186e-e6b2-4341-903b-93de5bf62889}.xpi [2013-11-07]
FF Extension: Unity Web Player Plugin Light - C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\hurdl8zv.default\Extensions\{6d94ccdc-4e75-40eb-8e5e-17a8dffdf5bf}.xpi [2013-11-07]
FF Extension: Adblock Plus - C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\hurdl8zv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-26]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-26]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-10-27]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF StartMenuInternet: FIREFOX.EXE - D:\Programme 32\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR Extension: (Google Wallet) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-01-07] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-01-07] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-06-28] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-16] ()
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VMAuthdService; D:\Program Files (x86)\VMWare\vmware-authd.exe [86744 2014-06-12] (VMware, Inc.)
R2 VMwareHostd; D:\Program Files (x86)\VMWare\vmware-hostd.exe [14407384 2014-06-12] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-25] (Disc Soft Ltd)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2000-01-01] (Synaptics Incorporated)
S3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2013-07-19] (Creative Technology Ltd.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21584 2013-05-06] ()
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [32472 2014-06-12] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
U3 kgloypow; \??\C:\Users\Jonas\AppData\Local\Temp\kgloypow.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 00:18 - 2014-08-12 00:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-12 00:18 - 2014-08-12 00:18 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-12 00:18 - 2014-08-12 00:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-12 00:18 - 2014-08-12 00:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-12 00:18 - 2014-08-12 00:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-12 00:18 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-12 00:18 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-12 00:18 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-12 00:04 - 2014-08-12 00:04 - 00000000 _____ () C:\Users\Jonas\defogger_reenable
2014-08-11 23:03 - 2014-08-12 00:36 - 00000000 ____D () C:\FRST
2014-08-11 19:14 - 2014-08-11 19:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-08-11 19:14 - 2014-08-11 19:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-08-11 19:12 - 2014-08-11 19:23 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\MyPhoneExplorer
2014-08-11 19:12 - 2014-08-11 19:12 - 00000000 ____D () C:\Users\Jonas\.android
2014-08-11 19:11 - 2014-08-11 19:11 - 00000951 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-08-11 19:11 - 2014-08-11 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-08-02 22:25 - 2014-08-11 23:04 - 00000000 ____D () C:\Users\Jonas\Documents\FIFA World
2014-08-02 22:23 - 2014-08-02 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports FIFA World
2014-08-01 20:44 - 2014-08-01 20:45 - 00000000 ____D () C:\Users\Jonas\Documents\New Unity Project
2014-08-01 20:43 - 2014-08-01 20:44 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Unity
2014-08-01 20:40 - 2014-08-01 20:45 - 00000000 ____D () C:\ProgramData\Unity
2014-08-01 20:40 - 2014-08-01 20:40 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Apple Computer
2014-08-01 20:40 - 2014-08-01 20:40 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Unity
2014-08-01 20:40 - 2014-08-01 20:40 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Apple Computer
2014-08-01 20:39 - 2014-08-01 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
2014-08-01 20:39 - 2014-08-01 20:39 - 00000828 _____ () C:\Users\Public\Desktop\Unity.lnk
2014-08-01 20:39 - 2014-08-01 20:39 - 00000000 ____D () C:\Users\Public\Documents\Unity Projects
2014-08-01 15:06 - 2014-08-01 15:06 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2014-08-01 09:03 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 09:03 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 09:03 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 09:03 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 09:03 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 09:03 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 09:03 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 09:03 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 09:03 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 09:03 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 09:03 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 09:03 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 09:03 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 09:03 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 03:03 - 2014-07-02 19:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-07-30 03:02 - 2014-07-02 22:48 - 24196896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 22994208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 17555104 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 16122344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 13922752 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 13835208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 12866008 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-07-30 03:02 - 2014-07-02 22:48 - 11283344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 11222048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 04247000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 03989960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 01890080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434052.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 01539928 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434052.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 00944928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 00907096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 00903624 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 00869152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 00846832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 00502232 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 00418760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 00391640 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 00348120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-07-19 14:32 - 2014-07-27 15:25 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\VMware
2014-07-19 14:32 - 2014-07-27 15:25 - 00000000 ____D () C:\Users\Jonas\AppData\Local\VMware
2014-07-19 14:17 - 2014-06-12 18:23 - 00064728 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2014-07-19 14:17 - 2014-06-12 18:22 - 00032472 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMparport.sys
2014-07-19 14:17 - 2013-10-08 18:21 - 00073296 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2014-07-19 14:17 - 2013-10-08 18:21 - 00067664 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2014-07-19 14:17 - 2013-10-08 18:21 - 00063568 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2014-07-19 14:16 - 2014-08-12 00:26 - 00000000 ____D () C:\ProgramData\VMware
2014-07-19 14:16 - 2014-07-19 14:16 - 00001024 _____ () C:\Windows\SysWOW64\%TMP%
2014-07-19 14:16 - 2014-07-19 14:16 - 00000000 ____D () C:\Users\Public\Documents\Shared Virtual Machines
2014-07-19 14:16 - 2014-07-19 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2014-07-19 14:16 - 2014-07-19 14:16 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-07-19 14:16 - 2014-07-19 14:16 - 00000000 ____D () C:\Program Files (x86)\VMware
2014-07-19 14:16 - 2014-06-12 18:23 - 00359128 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2014-07-19 14:16 - 2014-06-12 18:22 - 00931032 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2014-07-19 14:16 - 2014-06-12 18:22 - 00437976 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2014-07-19 14:16 - 2014-06-12 18:22 - 00031448 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2014-07-19 14:16 - 2014-02-27 18:40 - 00054464 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2014-07-19 14:09 - 2014-07-15 16:16 - 00863528 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-07-19 14:09 - 2014-07-15 16:15 - 00129168 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-07-17 16:04 - 2014-07-17 16:04 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN Movie Creator
2014-07-17 16:04 - 2014-07-17 16:04 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-07-17 15:50 - 2014-07-21 02:06 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Sony
2014-07-17 15:49 - 2014-07-17 15:50 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Sony
2014-07-17 14:14 - 2014-07-25 11:39 - 00001017 _____ () C:\Users\Jonas\Desktop\Dropbox.lnk
2014-07-17 14:07 - 2014-08-12 00:26 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Dropbox
2014-07-17 14:07 - 2014-07-25 11:39 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-15 23:26 - 2014-04-07 13:07 - 06715624 _____ (TomTom International B.V.) C:\Users\Jonas\Downloads\InstallMyDriveConnect_3_3_0_1502.exe
2014-07-15 23:24 - 2014-07-15 23:24 - 00000000 ____D () C:\Users\Jonas\Documents\TomTom
2014-07-15 23:24 - 2014-07-15 23:24 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\TomTom
2014-07-15 23:23 - 2014-07-15 23:23 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Downloaded Installations
2014-07-15 16:15 - 2014-07-15 16:15 - 00142528 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2014-07-15 16:13 - 2014-07-15 16:13 - 00205352 ____N (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2014-07-14 22:47 - 2014-07-14 22:47 - 00293040 _____ () C:\Windows\Minidump\071414-5959-01.dmp
2014-07-14 00:54 - 2014-07-14 00:54 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Ubisoft

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 00:36 - 2014-08-11 23:03 - 00000000 ____D () C:\FRST
2014-08-12 00:34 - 2009-07-14 19:58 - 00702138 _____ () C:\Windows\system32\perfh007.dat
2014-08-12 00:34 - 2009-07-14 19:58 - 00150804 _____ () C:\Windows\system32\perfc007.dat
2014-08-12 00:34 - 2009-07-14 07:13 - 01628954 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-12 00:33 - 2009-07-14 06:45 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-12 00:33 - 2009-07-14 06:45 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-12 00:30 - 2014-08-12 00:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-12 00:29 - 2013-09-26 23:21 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Skype
2014-08-12 00:29 - 2013-09-26 20:11 - 01382029 _____ () C:\Windows\WindowsUpdate.log
2014-08-12 00:26 - 2014-07-19 14:16 - 00000000 ____D () C:\ProgramData\VMware
2014-08-12 00:26 - 2014-07-17 14:07 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Dropbox
2014-08-12 00:26 - 2013-11-22 12:28 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 00:26 - 2013-10-16 21:01 - 00000000 ____D () C:\Users\Jonas\AppData\Local\FreePDF_XP
2014-08-12 00:26 - 2013-09-26 21:35 - 00208406 _____ () C:\Windows\PFRO.log
2014-08-12 00:26 - 2013-09-26 21:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-12 00:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-12 00:26 - 2009-07-14 06:51 - 00110024 _____ () C:\Windows\setupact.log
2014-08-12 00:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Registration
2014-08-12 00:18 - 2014-08-12 00:18 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-12 00:18 - 2014-08-12 00:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-12 00:18 - 2014-08-12 00:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-12 00:18 - 2014-08-12 00:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-12 00:17 - 2009-07-14 04:34 - 00000540 _____ () C:\Windows\win.ini
2014-08-12 00:04 - 2014-08-12 00:04 - 00000000 _____ () C:\Users\Jonas\defogger_reenable
2014-08-12 00:04 - 2013-09-26 20:11 - 00000000 ____D () C:\Users\Jonas
2014-08-12 00:03 - 2013-10-07 11:26 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\vlc
2014-08-11 23:59 - 2013-11-22 12:28 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-11 23:50 - 2013-10-12 14:30 - 00001456 _____ () C:\Users\Jonas\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-08-11 23:04 - 2014-08-02 22:25 - 00000000 ____D () C:\Users\Jonas\Documents\FIFA World
2014-08-11 19:23 - 2014-08-11 19:12 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\MyPhoneExplorer
2014-08-11 19:14 - 2014-08-11 19:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-08-11 19:14 - 2014-08-11 19:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-08-11 19:12 - 2014-08-11 19:12 - 00000000 ____D () C:\Users\Jonas\.android
2014-08-11 19:11 - 2014-08-11 19:11 - 00000951 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-08-11 19:11 - 2014-08-11 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-08-11 18:58 - 2013-09-29 16:19 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-08-11 16:47 - 2013-09-29 16:19 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-08-11 11:48 - 2013-12-09 20:32 - 00001062 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-11 10:53 - 2013-09-28 13:18 - 00000000 ____D () C:\ProgramData\Origin
2014-08-09 20:49 - 2013-09-26 23:21 - 00000000 ____D () C:\ProgramData\Skype
2014-08-08 11:04 - 2013-09-26 21:34 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-07 10:15 - 2013-09-27 00:54 - 00363706 _____ () C:\Windows\DirectX.log
2014-08-02 22:23 - 2014-08-02 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports FIFA World
2014-08-02 22:23 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-02 15:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-01 20:45 - 2014-08-01 20:44 - 00000000 ____D () C:\Users\Jonas\Documents\New Unity Project
2014-08-01 20:45 - 2014-08-01 20:40 - 00000000 ____D () C:\ProgramData\Unity
2014-08-01 20:44 - 2014-08-01 20:43 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Unity
2014-08-01 20:40 - 2014-08-01 20:40 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Apple Computer
2014-08-01 20:40 - 2014-08-01 20:40 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Unity
2014-08-01 20:40 - 2014-08-01 20:40 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Apple Computer
2014-08-01 20:40 - 2014-08-01 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
2014-08-01 20:39 - 2014-08-01 20:39 - 00000828 _____ () C:\Users\Public\Desktop\Unity.lnk
2014-08-01 20:39 - 2014-08-01 20:39 - 00000000 ____D () C:\Users\Public\Documents\Unity Projects
2014-08-01 15:06 - 2014-08-01 15:06 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2014-07-31 12:16 - 2013-09-26 22:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 13:22 - 2013-09-26 23:45 - 00000000 ___RD () C:\Users\Jonas\Desktop\Spiele
2014-07-30 13:10 - 2014-06-25 23:15 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2014-07-30 03:08 - 2013-11-20 10:45 - 00000000 ____D () C:\Users\Jonas\AppData\Local\NVIDIA Corporation
2014-07-30 03:03 - 2013-09-26 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-07-30 03:03 - 2013-09-26 21:22 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-30 03:02 - 2013-09-26 21:22 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-27 15:25 - 2014-07-19 14:32 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\VMware
2014-07-27 15:25 - 2014-07-19 14:32 - 00000000 ____D () C:\Users\Jonas\AppData\Local\VMware
2014-07-25 15:50 - 2014-06-03 08:11 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-07-25 15:50 - 2014-06-03 08:11 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-07-25 15:50 - 2013-11-07 22:20 - 01283136 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-07-25 15:50 - 2013-11-07 22:20 - 01126480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-07-25 12:36 - 2013-10-09 12:46 - 00000000 ____D () C:\Users\Jonas\AppData\Local\TGitCache
2014-07-25 11:39 - 2014-07-17 14:14 - 00001017 _____ () C:\Users\Jonas\Desktop\Dropbox.lnk
2014-07-25 11:39 - 2014-07-17 14:07 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-21 12:40 - 2014-06-16 11:40 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Adobe
2014-07-21 10:22 - 2013-09-26 23:16 - 00000000 ___RD () C:\Users\Jonas\Desktop\Programme
2014-07-21 02:06 - 2014-07-17 15:50 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Sony
2014-07-19 14:16 - 2014-07-19 14:16 - 00001024 _____ () C:\Windows\SysWOW64\%TMP%
2014-07-19 14:16 - 2014-07-19 14:16 - 00000000 ____D () C:\Users\Public\Documents\Shared Virtual Machines
2014-07-19 14:16 - 2014-07-19 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2014-07-19 14:16 - 2014-07-19 14:16 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-07-19 14:16 - 2014-07-19 14:16 - 00000000 ____D () C:\Program Files (x86)\VMware
2014-07-19 14:16 - 2013-09-26 21:21 - 01648846 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-17 16:04 - 2014-07-17 16:04 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN Movie Creator
2014-07-17 16:04 - 2014-07-17 16:04 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-07-17 15:50 - 2014-07-17 15:49 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Sony
2014-07-15 23:35 - 2014-01-08 01:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2014-07-15 23:24 - 2014-07-15 23:24 - 00000000 ____D () C:\Users\Jonas\Documents\TomTom
2014-07-15 23:24 - 2014-07-15 23:24 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\TomTom
2014-07-15 23:24 - 2014-01-08 01:53 - 00000000 ____D () C:\Users\Jonas\AppData\Local\TomTom
2014-07-15 23:24 - 2014-01-08 01:53 - 00000000 ____D () C:\Program Files (x86)\TomTom International B.V
2014-07-15 23:23 - 2014-07-15 23:23 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Downloaded Installations
2014-07-15 16:16 - 2014-07-19 14:09 - 00863528 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-07-15 16:15 - 2014-07-19 14:09 - 00129168 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-07-15 16:15 - 2014-07-15 16:15 - 00142528 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2014-07-15 16:13 - 2014-07-15 16:13 - 00205352 ____N (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2014-07-14 22:47 - 2014-07-14 22:47 - 00293040 _____ () C:\Windows\Minidump\071414-5959-01.dmp
2014-07-14 22:47 - 2014-01-30 21:39 - 00000000 ____D () C:\Windows\Minidump
2014-07-14 00:54 - 2014-07-14 00:54 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Ubisoft

Some content of TEMP:
====================
C:\Users\Jonas\AppData\Local\Temp\AdobeDownloadAssistant.exe
C:\Users\Jonas\AppData\Local\Temp\CRCCheck.exe
C:\Users\Jonas\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Jonas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuj77rp.dll
C:\Users\Jonas\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Jonas\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Jonas\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Jonas\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Jonas\AppData\Local\Temp\npp.6.5.1.Installer.exe
C:\Users\Jonas\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Jonas\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Jonas\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Jonas\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Jonas\AppData\Local\Temp\nvStInst.exe
C:\Users\Jonas\AppData\Local\Temp\PicaJet.Daminion._d02b882f.dll
C:\Users\Jonas\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Jonas\AppData\Local\Temp\sdapskill.exe
C:\Users\Jonas\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Jonas\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Jonas\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jonas\AppData\Local\Temp\sonarinst.exe
C:\Users\Jonas\AppData\Local\Temp\ubi1FD0.tmp.exe
C:\Users\Jonas\AppData\Local\Temp\ubiDD91.tmp.exe
C:\Users\Jonas\AppData\Local\Temp\uninstall.exe
C:\Users\Jonas\AppData\Local\Temp\uninstall_flash_player.exe
C:\Users\Jonas\AppData\Local\Temp\vlc-2.1.2-win64.exe
C:\Users\Jonas\AppData\Local\Temp\vlc-2.1.4-win64.exe
C:\Users\Jonas\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Jonas\AppData\Local\Temp\_is7CED.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 09:42

==================== End Of Log ============================
         
--- --- ---

12.08.2014, 20:20   #8
Change
 

GMER Part 1
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-12 00:35:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Samsung_SSD_840_PRO_Series rev.DXM05B0Q 119,24GB
Running: Gmer-19357.exe; Driver: C:\Users\Jonas\AppData\Local\Temp\kgloypow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                  0000000077701360 5 bytes JMP 000000014a480460
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                           00000000777013b0 5 bytes JMP 000000014a480450
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                           0000000077701510 5 bytes JMP 000000014a480370
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                0000000077701560 5 bytes JMP 000000014a480470
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                      0000000077701570 5 bytes JMP 000000014a4803e0
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                           0000000077701620 5 bytes JMP 000000014a480320
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                    0000000077701650 5 bytes JMP 000000014a4803b0
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                       0000000077701670 5 bytes JMP 000000014a480390
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                             00000000777016b0 5 bytes JMP 000000014a4802e0
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                           0000000077701730 5 bytes JMP 000000014a4802d0
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                         0000000077701750 5 bytes JMP 000000014a480310
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                          0000000077701790 5 bytes JMP 000000014a4803c0
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                       00000000777017e0 5 bytes JMP 000000014a4803f0
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                          0000000077701940 5 bytes JMP 000000014a480230
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                               0000000077701b00 5 bytes JMP 000000014a480480
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                              0000000077701b30 5 bytes JMP 000000014a4803a0
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                       0000000077701c10 5 bytes JMP 000000014a4802f0
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                    0000000077701c20 5 bytes JMP 000000014a480350
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                          0000000077701c80 5 bytes JMP 000000014a480290
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                       0000000077701d10 5 bytes JMP 000000014a4802b0
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                        0000000077701d30 5 bytes JMP 000000014a4803d0
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                           0000000077701d40 5 bytes JMP 000000014a480330
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                    0000000077701db0 5 bytes JMP 000000014a480410
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                       0000000077701de0 5 bytes JMP 000000014a480240
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                            00000000777020a0 5 bytes JMP 000000014a4801e0
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                       0000000077702160 5 bytes JMP 000000014a480250
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                       0000000077702190 5 bytes JMP 000000014a480490
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                              00000000777021a0 5 bytes JMP 000000014a4804a0
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                         00000000777021d0 5 bytes JMP 000000014a480300
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                      00000000777021e0 5 bytes JMP 000000014a480360
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                            0000000077702240 5 bytes JMP 000000014a4802a0
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                         0000000077702290 5 bytes JMP 000000014a4802c0
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                            00000000777022c0 5 bytes JMP 000000014a480380
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                             00000000777022d0 5 bytes JMP 000000014a480340
.text  C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                      00000000777025c0 5 bytes JMP 000000014a480440
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                       0000000077701c80 5 bytes JMP 0000000100040290
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                    0000000077701d10 5 bytes JMP 00000001000402b0
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077701d30 5 bytes JMP 00000001000403d0
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                        0000000077701d40 5 bytes JMP 0000000100040330
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                 0000000077701db0 5 bytes JMP 0000000100040410
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                    0000000077701de0 5 bytes JMP 0000000100040240
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                         00000000777020a0 5 bytes JMP 00000001000401e0
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                    0000000077702160 5 bytes JMP 0000000100040250
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                    0000000077702190 5 bytes JMP 0000000100040490
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                           00000000777021a0 5 bytes JMP 00000001000404a0
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                      00000000777021d0 5 bytes JMP 0000000100040300
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                   00000000777021e0 5 bytes JMP 0000000100040360
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                         0000000077702240 5 bytes JMP 00000001000402a0
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                      0000000077702290 5 bytes JMP 00000001000402c0
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                         00000000777022c0 5 bytes JMP 0000000100040380
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                          00000000777022d0 5 bytes JMP 0000000100040340
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                   00000000777025c0 5 bytes JMP 0000000100040440
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                  00000000777027c0 5 bytes JMP 0000000100040260
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                     00000000777027d0 5 bytes JMP 0000000100040270
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   00000000777027e0 5 bytes JMP 0000000100040400
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                               00000000777029a0 5 bytes JMP 00000001000401f0
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                00000000777029b0 5 bytes JMP 0000000100040210
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                     0000000077702a20 5 bytes JMP 0000000100040200
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                     0000000077702a80 5 bytes JMP 0000000100040420
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                      0000000077702a90 5 bytes JMP 0000000100040430
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                 0000000077702aa0 5 bytes JMP 0000000100040220
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                         0000000077702b80 5 bytes JMP 0000000100040280
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                              00000000774eef8d 1 byte [62]
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                  0000000077701360 5 bytes JMP 0000000077860460
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                           00000000777013b0 5 bytes JMP 0000000077860450
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                           0000000077701510 5 bytes JMP 0000000077860370
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                0000000077701560 5 bytes JMP 0000000077860470
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                      0000000077701570 5 bytes JMP 00000000778603e0
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                           0000000077701620 5 bytes JMP 0000000077860320
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                    0000000077701650 5 bytes JMP 00000000778603b0
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                       0000000077701670 5 bytes JMP 0000000077860390
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                             00000000777016b0 5 bytes JMP 00000000778602e0
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                           0000000077701730 5 bytes JMP 00000000778602d0
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                         0000000077701750 5 bytes JMP 0000000077860310
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                          0000000077701790 5 bytes JMP 00000000778603c0
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                       00000000777017e0 5 bytes JMP 00000000778603f0
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                          0000000077701940 5 bytes JMP 0000000077860230
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                               0000000077701b00 5 bytes JMP 0000000077860480
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                              0000000077701b30 5 bytes JMP 00000000778603a0
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                       0000000077701c10 5 bytes JMP 00000000778602f0
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                    0000000077701c20 5 bytes JMP 0000000077860350
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                          0000000077701c80 5 bytes JMP 0000000077860290
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                       0000000077701d10 5 bytes JMP 00000000778602b0
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                        0000000077701d30 5 bytes JMP 00000000778603d0
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                           0000000077701d40 5 bytes JMP 0000000077860330
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                    0000000077701db0 5 bytes JMP 0000000077860410
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                       0000000077701de0 5 bytes JMP 0000000077860240
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                            00000000777020a0 5 bytes JMP 00000000778601e0
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                       0000000077702160 5 bytes JMP 0000000077860250
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                       0000000077702190 5 bytes JMP 0000000077860490
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                              00000000777021a0 5 bytes JMP 00000000778604a0
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                         00000000777021d0 5 bytes JMP 0000000077860300
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                      00000000777021e0 5 bytes JMP 0000000077860360
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                            0000000077702240 5 bytes JMP 00000000778602a0
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                         0000000077702290 5 bytes JMP 00000000778602c0
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                            00000000777022c0 5 bytes JMP 0000000077860380
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                             00000000777022d0 5 bytes JMP 0000000077860340
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                      00000000777025c0 5 bytes JMP 0000000077860440
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                     00000000777027c0 5 bytes JMP 0000000077860260
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                        00000000777027d0 5 bytes JMP 0000000077860270
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                      00000000777027e0 5 bytes JMP 0000000077860400
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                  00000000777029a0 5 bytes JMP 00000000778601f0
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                   00000000777029b0 5 bytes JMP 0000000077860210
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                        0000000077702a20 5 bytes JMP 0000000077860200
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                        0000000077702a80 5 bytes JMP 0000000077860420
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                         0000000077702a90 5 bytes JMP 0000000077860430
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                    0000000077702aa0 5 bytes JMP 0000000077860220
.text  C:\Windows\system32\lsass.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                            0000000077702b80 5 bytes JMP 0000000077860280
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                    0000000077701360 5 bytes JMP 0000000077860460
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                             00000000777013b0 5 bytes JMP 0000000077860450
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                             0000000077701510 5 bytes JMP 0000000077860370
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                  0000000077701560 5 bytes JMP 0000000077860470
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                        0000000077701570 5 bytes JMP 00000000778603e0
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                             0000000077701620 5 bytes JMP 0000000077860320
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                      0000000077701650 5 bytes JMP 00000000778603b0
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                         0000000077701670 5 bytes JMP 0000000077860390
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                               00000000777016b0 5 bytes JMP 00000000778602e0
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                             0000000077701730 5 bytes JMP 00000000778602d0
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                           0000000077701750 5 bytes JMP 0000000077860310
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                            0000000077701790 5 bytes JMP 00000000778603c0
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                         00000000777017e0 5 bytes JMP 00000000778603f0
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                            0000000077701940 5 bytes JMP 0000000077860230
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                 0000000077701b00 5 bytes JMP 0000000077860480
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                0000000077701b30 5 bytes JMP 00000000778603a0
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                         0000000077701c10 5 bytes JMP 00000000778602f0
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                      0000000077701c20 5 bytes JMP 0000000077860350
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                            0000000077701c80 5 bytes JMP 0000000077860290
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                         0000000077701d10 5 bytes JMP 00000000778602b0
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                          0000000077701d30 5 bytes JMP 00000000778603d0
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                             0000000077701d40 5 bytes JMP 0000000077860330
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                      0000000077701db0 5 bytes JMP 0000000077860410
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                         0000000077701de0 5 bytes JMP 0000000077860240
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                              00000000777020a0 5 bytes JMP 00000000778601e0
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                         0000000077702160 5 bytes JMP 0000000077860250
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                         0000000077702190 5 bytes JMP 0000000077860490
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                00000000777021a0 5 bytes JMP 00000000778604a0
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                           00000000777021d0 5 bytes JMP 0000000077860300
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                        00000000777021e0 5 bytes JMP 0000000077860360
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                              0000000077702240 5 bytes JMP 00000000778602a0
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                           0000000077702290 5 bytes JMP 00000000778602c0
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                              00000000777022c0 5 bytes JMP 0000000077860380
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                               00000000777022d0 5 bytes JMP 0000000077860340
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                        00000000777025c0 5 bytes JMP 0000000077860440
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                       00000000777027c0 5 bytes JMP 0000000077860260
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                          00000000777027d0 5 bytes JMP 0000000077860270
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                        00000000777027e0 5 bytes JMP 0000000077860400
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                    00000000777029a0 5 bytes JMP 00000000778601f0
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                     00000000777029b0 5 bytes JMP 0000000077860210
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                          0000000077702a20 5 bytes JMP 0000000077860200
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                          0000000077702a80 5 bytes JMP 0000000077860420
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                           0000000077702a90 5 bytes JMP 0000000077860430
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                      0000000077702aa0 5 bytes JMP 0000000077860220
.text  C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                              0000000077702b80 5 bytes JMP 0000000077860280
.text  C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                0000000077701360 5 bytes JMP 0000000077860460
.text  C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                         00000000777013b0 5 bytes JMP 0000000077860450
.text  C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                         0000000077701510 5 bytes JMP 0000000077860370
.text  C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                              0000000077701560 5 bytes JMP 0000000077860470
.text  C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                    0000000077701570 5 bytes JMP 00000000778603e0
.text  C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                         0000000077701620 5 bytes JMP 0000000077860320
.text  C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                  0000000077701650 5 bytes JMP 00000000778603b0

12.08.2014, 20:22   #9
Change

GMER part 2
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                           00000000777027c0 5 bytes JMP 0000000077860260
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                              00000000777027d0 5 bytes JMP 0000000077860270
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                            00000000777027e0 5 bytes JMP 00000001002d19f4
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                        00000000777029a0 5 bytes JMP 00000000778601f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                         00000000777029b0 5 bytes JMP 0000000077860210
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                              0000000077702a20 5 bytes JMP 0000000077860200
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                              0000000077702a80 5 bytes JMP 0000000077860420
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                               0000000077702a90 5 bytes JMP 0000000077860430
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                          0000000077702aa0 5 bytes JMP 0000000077860220
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                  0000000077702b80 5 bytes JMP 0000000077860280
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3820] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                       00000000774eef8d 1 byte [62]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3820] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                    000007fefe256e00 5 bytes JMP 000007ff7e271dac
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                        000007fefe256f2c 5 bytes JMP 000007ff7e270ecc
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                        000007fefe257220 5 bytes JMP 000007ff7e271284
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                       000007fefe25739c 5 bytes JMP 000007ff7e27163c
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                       000007fefe257538 5 bytes JMP 000007ff7e2719f4
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3820] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                              000007fefe2575e8 5 bytes JMP 000007ff7e2703a4
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3820] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                              000007fefe25790c 5 bytes JMP 000007ff7e27075c
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3820] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                               000007fefe257ab4 5 bytes JMP 000007ff7e270b14
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3960] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                          00000000778afac0 5 bytes JMP 0000000100030600
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3960] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                              00000000778afb58 5 bytes JMP 0000000100030804
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3960] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                               00000000778afcb0 5 bytes JMP 0000000100030c0c
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3960] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                           00000000778b0038 5 bytes JMP 0000000100030a08
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3960] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                               00000000778b1920 5 bytes JMP 0000000100030e10
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3960] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                       00000000778cc4dd 5 bytes JMP 00000001000301f8
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3960] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                     00000000778d1287 5 bytes JMP 00000001000303fc
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3960] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                          0000000075efa2fd 1 byte [62]
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3960] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                       00000000759e5181 5 bytes JMP 0000000100211014
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3960] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                           00000000759e5254 5 bytes JMP 0000000100210804
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3960] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                           00000000759e53d5 5 bytes JMP 0000000100210a08
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3960] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                          00000000759e54c2 5 bytes JMP 0000000100210c0c
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3960] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                          00000000759e55e2 5 bytes JMP 0000000100210e10
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3960] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                 00000000759e567c 5 bytes JMP 00000001002101f8
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3960] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                 00000000759e589f 5 bytes JMP 00000001002103fc
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3960] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                  00000000759e5a22 5 bytes JMP 0000000100210600
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3960] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                 00000000770aee09 5 bytes JMP 00000001002201f8
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3960] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                  00000000770b3982 5 bytes JMP 00000001002203fc
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3960] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                               00000000770b7603 5 bytes JMP 0000000100220804
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3960] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                               00000000770b835c 5 bytes JMP 0000000100220600
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3960] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                             00000000770cf52b 5 bytes JMP 0000000100220a08
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                     00000000776d3b10 5 bytes JMP 00000001004c075c
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                       00000000776d7ac0 5 bytes JMP 00000001004c03a4
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                           0000000077701360 5 bytes JMP 0000000077860460
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                    00000000777013b0 5 bytes JMP 0000000077860450
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                          0000000077701430 5 bytes JMP 00000001004c0b14
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                              0000000077701490 5 bytes JMP 00000001004c0ecc
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                    0000000077701510 5 bytes JMP 0000000077860370
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                         0000000077701560 5 bytes JMP 0000000077860470
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                               0000000077701570 5 bytes JMP 00000001004c163c
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                    0000000077701620 5 bytes JMP 0000000077860320
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                             0000000077701650 5 bytes JMP 00000000778603b0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                0000000077701670 5 bytes JMP 0000000077860390
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                      00000000777016b0 5 bytes JMP 00000000778602e0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                    0000000077701730 5 bytes JMP 00000000778602d0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                  0000000077701750 5 bytes JMP 0000000077860310
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                   0000000077701790 5 bytes JMP 00000000778603c0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                           00000000777017b0 5 bytes JMP 00000001004c1284
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                00000000777017e0 5 bytes JMP 00000000778603f0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                   0000000077701940 5 bytes JMP 0000000077860230
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                        0000000077701b00 5 bytes JMP 0000000077860480
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                       0000000077701b30 5 bytes JMP 00000000778603a0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                0000000077701c10 5 bytes JMP 00000000778602f0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                             0000000077701c20 5 bytes JMP 0000000077860350
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                   0000000077701c80 5 bytes JMP 0000000077860290
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                0000000077701d10 5 bytes JMP 00000000778602b0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                 0000000077701d30 5 bytes JMP 00000000778603d0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                    0000000077701d40 5 bytes JMP 0000000077860330
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                             0000000077701db0 5 bytes JMP 0000000077860410
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                0000000077701de0 5 bytes JMP 0000000077860240
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                     00000000777020a0 5 bytes JMP 00000000778601e0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                0000000077702160 5 bytes JMP 0000000077860250
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                0000000077702190 5 bytes JMP 0000000077860490
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                       00000000777021a0 5 bytes JMP 00000000778604a0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                  00000000777021d0 5 bytes JMP 0000000077860300
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                               00000000777021e0 5 bytes JMP 0000000077860360
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                     0000000077702240 5 bytes JMP 00000000778602a0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                  0000000077702290 5 bytes JMP 00000000778602c0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                     00000000777022c0 5 bytes JMP 0000000077860380
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                      00000000777022d0 5 bytes JMP 0000000077860340
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                               00000000777025c0 5 bytes JMP 0000000077860440
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                              00000000777027c0 5 bytes JMP 0000000077860260
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                 00000000777027d0 5 bytes JMP 0000000077860270
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                               00000000777027e0 5 bytes JMP 00000001004c19f4
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                           00000000777029a0 5 bytes JMP 00000000778601f0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                            00000000777029b0 5 bytes JMP 0000000077860210
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                 0000000077702a20 5 bytes JMP 0000000077860200
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                 0000000077702a80 5 bytes JMP 0000000077860420
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                  0000000077702a90 5 bytes JMP 0000000077860430
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                             0000000077702aa0 5 bytes JMP 0000000077860220
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                     0000000077702b80 5 bytes JMP 0000000077860280
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                          00000000774eef8d 1 byte [62]
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                       000007fefe256e00 5 bytes JMP 000007ff7e271dac
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                           000007fefe256f2c 5 bytes JMP 000007ff7e270ecc
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                           000007fefe257220 5 bytes JMP 000007ff7e271284
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                          000007fefe25739c 5 bytes JMP 000007ff7e27163c
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                          000007fefe257538 5 bytes JMP 000007ff7e2719f4
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                 000007fefe2575e8 5 bytes JMP 000007ff7e2703a4
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                 000007fefe25790c 5 bytes JMP 000007ff7e27075c
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3648] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                  000007fefe257ab4 5 bytes JMP 000007ff7e270b14
.text  D:\Program Files (x86)\VMWare\vmware-hostd.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                               00000000778afac0 5 bytes JMP 0000000100030600
.text  D:\Program Files (x86)\VMWare\vmware-hostd.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                   00000000778afb58 5 bytes JMP 0000000100030804
.text  D:\Program Files (x86)\VMWare\vmware-hostd.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                    00000000778afcb0 5 bytes JMP 0000000100030c0c
.text  D:\Program Files (x86)\VMWare\vmware-hostd.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                00000000778b0038 5 bytes JMP 0000000100030a08
.text  D:\Program Files (x86)\VMWare\vmware-hostd.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                    00000000778b1920 5 bytes JMP 0000000100030e10
.text  D:\Program Files (x86)\VMWare\vmware-hostd.exe[3844] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                            00000000778cc4dd 5 bytes JMP 00000001000301f8
.text  D:\Program Files (x86)\VMWare\vmware-hostd.exe[3844] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                          00000000778d1287 5 bytes JMP 00000001000303fc
.text  D:\Program Files (x86)\VMWare\vmware-hostd.exe[3844] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                               0000000075efa2fd 1 byte [62]
.text  D:\Program Files (x86)\VMWare\vmware-hostd.exe[3844] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                            00000000759e5181 5 bytes JMP 00000001000b1014
.text  D:\Program Files (x86)\VMWare\vmware-hostd.exe[3844] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                                00000000759e5254 5 bytes JMP 00000001000b0804
.text  D:\Program Files (x86)\VMWare\vmware-hostd.exe[3844] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                                00000000759e53d5 5 bytes JMP 00000001000b0a08
.text  D:\Program Files (x86)\VMWare\vmware-hostd.exe[3844] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                               00000000759e54c2 5 bytes JMP 00000001000b0c0c
.text  D:\Program Files (x86)\VMWare\vmware-hostd.exe[3844] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                               00000000759e55e2 5 bytes JMP 00000001000b0e10
.text  D:\Program Files (x86)\VMWare\vmware-hostd.exe[3844] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                                      00000000759e567c 5 bytes JMP 00000001000b01f8
.text  D:\Program Files (x86)\VMWare\vmware-hostd.exe[3844] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                                      00000000759e589f 5 bytes JMP 00000001000b03fc
.text  D:\Program Files (x86)\VMWare\vmware-hostd.exe[3844] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                                       00000000759e5a22 5 bytes JMP 00000001000b0600
.text  D:\Program Files (x86)\VMWare\vmware-hostd.exe[3844] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                      00000000770aee09 5 bytes JMP 00000001001801f8
.text  D:\Program Files (x86)\VMWare\vmware-hostd.exe[3844] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                                       00000000770b3982 5 bytes JMP 00000001001803fc
.text  D:\Program Files (x86)\VMWare\vmware-hostd.exe[3844] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                    00000000770b7603 5 bytes JMP 0000000100180804
.text  D:\Program Files (x86)\VMWare\vmware-hostd.exe[3844] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                    00000000770b835c 5 bytes JMP 0000000100180600
.text  D:\Program Files (x86)\VMWare\vmware-hostd.exe[3844] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                                  00000000770cf52b 5 bytes JMP 0000000100180a08
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory     00000000778afac0 5 bytes JMP 0000000100030600
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory         00000000778afb58 5 bytes JMP 0000000100030804
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess          00000000778afcb0 5 bytes JMP 0000000100030c0c
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory      00000000778b0038 5 bytes JMP 0000000100030a08
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread          00000000778b1920 5 bytes JMP 0000000100030e10
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1240] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                  00000000778cc4dd 5 bytes JMP 00000001000301f8
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1240] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                00000000778d1287 5 bytes JMP 00000001000303fc
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1240] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112     0000000075efa2fd 1 byte [62]
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1240] C:\Windows\syswow64\USER32.dll!SetWinEventHook            00000000770aee09 5 bytes JMP 00000001000a01f8
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1240] C:\Windows\syswow64\USER32.dll!UnhookWinEvent             00000000770b3982 5 bytes JMP 00000001000a03fc
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1240] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW          00000000770b7603 5 bytes JMP 00000001000a0804
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1240] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA          00000000770b835c 5 bytes JMP 00000001000a0600
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1240] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx        00000000770cf52b 5 bytes JMP 00000001000a0a08
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1240] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity  00000000759e5181 5 bytes JMP 00000001000b1014
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1240] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA      00000000759e5254 5 bytes JMP 00000001000b0804
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1240] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW      00000000759e53d5 5 bytes JMP 00000001000b0a08
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1240] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A     00000000759e54c2 5 bytes JMP 00000001000b0c0c
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1240] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W     00000000759e55e2 5 bytes JMP 00000001000b0e10
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1240] C:\Windows\SysWOW64\sechost.dll!CreateServiceA            00000000759e567c 5 bytes JMP 00000001000b01f8
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1240] C:\Windows\SysWOW64\sechost.dll!CreateServiceW            00000000759e589f 5 bytes JMP 00000001000b03fc
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1240] C:\Windows\SysWOW64\sechost.dll!DeleteService             00000000759e5a22 5 bytes JMP 00000001000b0600
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[3888] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                            0000000075efa2fd 1 byte [62]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[3540] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                        00000000778afac0 5 bytes JMP 0000000100030600
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[3540] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                            00000000778afb58 5 bytes JMP 0000000100030804
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[3540] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                             00000000778afcb0 5 bytes JMP 0000000100030c0c
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[3540] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                         00000000778b0038 5 bytes JMP 0000000100030a08
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[3540] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                             00000000778b1920 5 bytes JMP 0000000100030e10
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[3540] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                     00000000778cc4dd 5 bytes JMP 00000001000301f8
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[3540] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                   00000000778d1287 5 bytes JMP 00000001000303fc
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[3540] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                        0000000075efa2fd 1 byte [62]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[3540] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                                     00000000759e5181 5 bytes JMP 0000000100191014
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[3540] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                                         00000000759e5254 5 bytes JMP 0000000100190804
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[3540] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                                         00000000759e53d5 5 bytes JMP 0000000100190a08
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[3540] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                                        00000000759e54c2 5 bytes JMP 0000000100190c0c
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[3540] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                                        00000000759e55e2 5 bytes JMP 0000000100190e10
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[3540] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                                               00000000759e567c 5 bytes JMP 00000001001901f8
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[3540] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                                               00000000759e589f 5 bytes JMP 00000001001903fc
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[3540] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                                                00000000759e5a22 5 bytes JMP 0000000100190600
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[3540] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                               00000000770aee09 5 bytes JMP 00000001001a01f8
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[3540] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                                                00000000770b3982 5 bytes JMP 00000001001a03fc
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[3540] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                             00000000770b7603 5 bytes JMP 00000001001a0804
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[3540] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                             00000000770b835c 5 bytes JMP 00000001001a0600
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[3540] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                                           00000000770cf52b 5 bytes JMP 00000001001a0a08
.text  D:\Programme 32\FreePDF_XP\fpassist.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                      00000000778afac0 5 bytes JMP 0000000100030600
.text  D:\Programme 32\FreePDF_XP\fpassist.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                          00000000778afb58 5 bytes JMP 0000000100030804
.text  D:\Programme 32\FreePDF_XP\fpassist.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                           00000000778afcb0 5 bytes JMP 0000000100030c0c
.text  D:\Programme 32\FreePDF_XP\fpassist.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                       00000000778b0038 5 bytes JMP 0000000100030a08
.text  D:\Programme 32\FreePDF_XP\fpassist.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                           00000000778b1920 5 bytes JMP 0000000100030e10
.text  D:\Programme 32\FreePDF_XP\fpassist.exe[3980] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                   00000000778cc4dd 5 bytes JMP 00000001000301f8
.text  D:\Programme 32\FreePDF_XP\fpassist.exe[3980] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                 00000000778d1287 5 bytes JMP 00000001000303fc
.text  D:\Programme 32\FreePDF_XP\fpassist.exe[3980] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                      0000000075efa2fd 1 byte [62]
.text  D:\Programme 32\FreePDF_XP\fpassist.exe[3980] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                             00000000770aee09 5 bytes JMP 00000001002301f8
.text  D:\Programme 32\FreePDF_XP\fpassist.exe[3980] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                                              00000000770b3982 5 bytes JMP 00000001002303fc
.text  D:\Programme 32\FreePDF_XP\fpassist.exe[3980] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                           00000000770b7603 5 bytes JMP 0000000100230804
.text  D:\Programme 32\FreePDF_XP\fpassist.exe[3980] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                           00000000770b835c 5 bytes JMP 0000000100230600
.text  D:\Programme 32\FreePDF_XP\fpassist.exe[3980] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                                         00000000770cf52b 5 bytes JMP 0000000100230a08
.text  D:\Programme 32\FreePDF_XP\fpassist.exe[3980] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                                   00000000759e5181 5 bytes JMP 0000000100241014
.text  D:\Programme 32\FreePDF_XP\fpassist.exe[3980] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                                       00000000759e5254 5 bytes JMP 0000000100240804
.text  D:\Programme 32\FreePDF_XP\fpassist.exe[3980] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                                       00000000759e53d5 5 bytes JMP 0000000100240a08
.text  D:\Programme 32\FreePDF_XP\fpassist.exe[3980] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                                      00000000759e54c2 5 bytes JMP 0000000100240c0c
.text  D:\Programme 32\FreePDF_XP\fpassist.exe[3980] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                                      00000000759e55e2 5 bytes JMP 0000000100240e10
.text  D:\Programme 32\FreePDF_XP\fpassist.exe[3980] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                                             00000000759e567c 5 bytes JMP 00000001002401f8
.text  D:\Programme 32\FreePDF_XP\fpassist.exe[3980] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                                             00000000759e589f 5 bytes JMP 00000001002403fc
.text  D:\Programme 32\FreePDF_XP\fpassist.exe[3980] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                                              00000000759e5a22 5 bytes JMP 0000000100240600
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                   00000000776d3b10 5 bytes JMP 000000010016075c
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                     00000000776d7ac0 5 bytes JMP 00000001001603a4
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                         0000000077701360 5 bytes JMP 0000000077860460
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                  00000000777013b0 5 bytes JMP 0000000077860450
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                        0000000077701430 5 bytes JMP 0000000100160b14
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                            0000000077701490 5 bytes JMP 0000000100160ecc
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                  0000000077701510 5 bytes JMP 0000000077860370
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                       0000000077701560 5 bytes JMP 0000000077860470
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                             0000000077701570 5 bytes JMP 000000010016163c
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                  0000000077701620 5 bytes JMP 0000000077860320
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                           0000000077701650 5 bytes JMP 00000000778603b0
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                              0000000077701670 5 bytes JMP 0000000077860390
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                    00000000777016b0 5 bytes JMP 00000000778602e0
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                  0000000077701730 5 bytes JMP 00000000778602d0
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                0000000077701750 5 bytes JMP 0000000077860310
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                 0000000077701790 5 bytes JMP 00000000778603c0
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                         00000000777017b0 5 bytes JMP 0000000100161284
.
         
GMER Part 3
Code:
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                              00000000777017e0 5 bytes JMP 00000000778603f0
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                 0000000077701940 5 bytes JMP 0000000077860230
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                      0000000077701b00 5 bytes JMP 0000000077860480
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                     0000000077701b30 5 bytes JMP 00000000778603a0
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                              0000000077701c10 5 bytes JMP 00000000778602f0
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                           0000000077701c20 5 bytes JMP 0000000077860350
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                 0000000077701c80 5 bytes JMP 0000000077860290
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                              0000000077701d10 5 bytes JMP 00000000778602b0
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                               0000000077701d30 5 bytes JMP 00000000778603d0
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                  0000000077701d40 5 bytes JMP 0000000077860330
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                           0000000077701db0 5 bytes JMP 0000000077860410
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                              0000000077701de0 5 bytes JMP 0000000077860240
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                   00000000777020a0 5 bytes JMP 00000000778601e0
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                              0000000077702160 5 bytes JMP 0000000077860250
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                              0000000077702190 5 bytes JMP 0000000077860490
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                     00000000777021a0 5 bytes JMP 00000000778604a0
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                00000000777021d0 5 bytes JMP 0000000077860300
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                             00000000777021e0 5 bytes JMP 0000000077860360
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                   0000000077702240 5 bytes JMP 00000000778602a0
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                0000000077702290 5 bytes JMP 00000000778602c0
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                   00000000777022c0 5 bytes JMP 0000000077860380
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                    00000000777022d0 5 bytes JMP 0000000077860340
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                             00000000777025c0 5 bytes JMP 0000000077860440
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                            00000000777027c0 5 bytes JMP 0000000077860260
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                               00000000777027d0 5 bytes JMP 0000000077860270
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                             00000000777027e0 5 bytes JMP 00000001001619f4
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                         00000000777029a0 5 bytes JMP 00000000778601f0
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                          00000000777029b0 5 bytes JMP 0000000077860210
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                               0000000077702a20 5 bytes JMP 0000000077860200
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                               0000000077702a80 5 bytes JMP 0000000077860420
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                0000000077702a90 5 bytes JMP 0000000077860430
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                           0000000077702aa0 5 bytes JMP 0000000077860220
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                   0000000077702b80 5 bytes JMP 0000000077860280
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                     000007fefe256e00 5 bytes JMP 000007ff7e271dac
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                         000007fefe256f2c 5 bytes JMP 000007ff7e270ecc
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                         000007fefe257220 5 bytes JMP 000007ff7e271284
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                        000007fefe25739c 5 bytes JMP 000007ff7e27163c
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                        000007fefe257538 5 bytes JMP 000007ff7e2719f4
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                               000007fefe2575e8 5 bytes JMP 000007ff7e2703a4
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                               000007fefe25790c 5 bytes JMP 000007ff7e27075c
.text  C:\Windows\system32\SearchIndexer.exe[4172] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                                000007fefe257ab4 5 bytes JMP 000007ff7e270b14
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                         00000000776d3b10 5 bytes JMP 00000001001a075c
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                           00000000776d7ac0 5 bytes JMP 00000001001a03a4
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                               0000000077701360 5 bytes JMP 0000000077860460
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                        00000000777013b0 5 bytes JMP 0000000077860450
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                              0000000077701430 5 bytes JMP 00000001001a0b14
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                  0000000077701490 5 bytes JMP 00000001001a0ecc
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                        0000000077701510 5 bytes JMP 0000000077860370
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                             0000000077701560 5 bytes JMP 0000000077860470
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                   0000000077701570 5 bytes JMP 00000001001a163c
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                        0000000077701620 5 bytes JMP 0000000077860320
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                 0000000077701650 5 bytes JMP 00000000778603b0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                    0000000077701670 5 bytes JMP 0000000077860390
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                          00000000777016b0 5 bytes JMP 00000000778602e0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                        0000000077701730 5 bytes JMP 00000000778602d0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                      0000000077701750 5 bytes JMP 0000000077860310
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                       0000000077701790 5 bytes JMP 00000000778603c0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                               00000000777017b0 5 bytes JMP 00000001001a1284
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                    00000000777017e0 5 bytes JMP 00000000778603f0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                       0000000077701940 5 bytes JMP 0000000077860230
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                            0000000077701b00 5 bytes JMP 0000000077860480
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                           0000000077701b30 5 bytes JMP 00000000778603a0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                    0000000077701c10 5 bytes JMP 00000000778602f0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                 0000000077701c20 5 bytes JMP 0000000077860350
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                       0000000077701c80 5 bytes JMP 0000000077860290
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                    0000000077701d10 5 bytes JMP 00000000778602b0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                     0000000077701d30 5 bytes JMP 00000000778603d0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                        0000000077701d40 5 bytes JMP 0000000077860330
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                 0000000077701db0 5 bytes JMP 0000000077860410
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                    0000000077701de0 5 bytes JMP 0000000077860240
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                         00000000777020a0 5 bytes JMP 00000000778601e0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                    0000000077702160 5 bytes JMP 0000000077860250
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                    0000000077702190 5 bytes JMP 0000000077860490
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                           00000000777021a0 5 bytes JMP 00000000778604a0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                      00000000777021d0 5 bytes JMP 0000000077860300
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                   00000000777021e0 5 bytes JMP 0000000077860360
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                         0000000077702240 5 bytes JMP 00000000778602a0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                      0000000077702290 5 bytes JMP 00000000778602c0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                         00000000777022c0 5 bytes JMP 0000000077860380
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                          00000000777022d0 5 bytes JMP 0000000077860340
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                   00000000777025c0 5 bytes JMP 0000000077860440
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                  00000000777027c0 5 bytes JMP 0000000077860260
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                     00000000777027d0 5 bytes JMP 0000000077860270
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                   00000000777027e0 5 bytes JMP 00000001001a19f4
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                               00000000777029a0 5 bytes JMP 00000000778601f0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                00000000777029b0 5 bytes JMP 0000000077860210
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                     0000000077702a20 5 bytes JMP 0000000077860200
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                     0000000077702a80 5 bytes JMP 0000000077860420
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                      0000000077702a90 5 bytes JMP 0000000077860430
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                 0000000077702aa0 5 bytes JMP 0000000077860220
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                         0000000077702b80 5 bytes JMP 0000000077860280
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                              00000000774eef8d 1 byte [62]
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                           000007fefe256e00 5 bytes JMP 000007ff7e271dac
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                               000007fefe256f2c 5 bytes JMP 000007ff7e270ecc
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                               000007fefe257220 5 bytes JMP 000007ff7e271284
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                              000007fefe25739c 5 bytes JMP 000007ff7e27163c
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                              000007fefe257538 5 bytes JMP 000007ff7e2719f4
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                     000007fefe2575e8 5 bytes JMP 000007ff7e2703a4
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                     000007fefe25790c 5 bytes JMP 000007ff7e27075c
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4288] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                      000007fefe257ab4 5 bytes JMP 000007ff7e270b14
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                         00000000776d3b10 5 bytes JMP 000000010031075c
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                           00000000776d7ac0 5 bytes JMP 00000001003103a4
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                               0000000077701360 5 bytes JMP 0000000077860460
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                        00000000777013b0 5 bytes JMP 0000000077860450
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                              0000000077701430 5 bytes JMP 0000000100310b14
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                  0000000077701490 5 bytes JMP 0000000100310ecc
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                        0000000077701510 5 bytes JMP 0000000077860370
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                             0000000077701560 5 bytes JMP 0000000077860470
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                   0000000077701570 5 bytes JMP 000000010031163c
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                        0000000077701620 5 bytes JMP 0000000077860320
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                 0000000077701650 5 bytes JMP 00000000778603b0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                    0000000077701670 5 bytes JMP 0000000077860390
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                          00000000777016b0 5 bytes JMP 00000000778602e0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                        0000000077701730 5 bytes JMP 00000000778602d0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                      0000000077701750 5 bytes JMP 0000000077860310
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                       0000000077701790 5 bytes JMP 00000000778603c0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                               00000000777017b0 5 bytes JMP 0000000100311284
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                    00000000777017e0 5 bytes JMP 00000000778603f0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                       0000000077701940 5 bytes JMP 0000000077860230
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                            0000000077701b00 5 bytes JMP 0000000077860480
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                           0000000077701b30 5 bytes JMP 00000000778603a0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                    0000000077701c10 5 bytes JMP 00000000778602f0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                 0000000077701c20 5 bytes JMP 0000000077860350
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                       0000000077701c80 5 bytes JMP 0000000077860290
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                    0000000077701d10 5 bytes JMP 00000000778602b0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                     0000000077701d30 5 bytes JMP 00000000778603d0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                        0000000077701d40 5 bytes JMP 0000000077860330
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                 0000000077701db0 5 bytes JMP 0000000077860410
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                    0000000077701de0 5 bytes JMP 0000000077860240
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                         00000000777020a0 5 bytes JMP 00000000778601e0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                    0000000077702160 5 bytes JMP 0000000077860250
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                    0000000077702190 5 bytes JMP 0000000077860490
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                           00000000777021a0 5 bytes JMP 00000000778604a0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                      00000000777021d0 5 bytes JMP 0000000077860300
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                   00000000777021e0 5 bytes JMP 0000000077860360
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                         0000000077702240 5 bytes JMP 00000000778602a0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                      0000000077702290 5 bytes JMP 00000000778602c0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                         00000000777022c0 5 bytes JMP 0000000077860380
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                          00000000777022d0 5 bytes JMP 0000000077860340
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                   00000000777025c0 5 bytes JMP 0000000077860440
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                  00000000777027c0 5 bytes JMP 0000000077860260
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                     00000000777027d0 5 bytes JMP 0000000077860270
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                   00000000777027e0 5 bytes JMP 00000001003119f4
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                               00000000777029a0 5 bytes JMP 00000000778601f0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                00000000777029b0 5 bytes JMP 0000000077860210
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                     0000000077702a20 5 bytes JMP 0000000077860200
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                     0000000077702a80 5 bytes JMP 0000000077860420
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                      0000000077702a90 5 bytes JMP 0000000077860430
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                 0000000077702aa0 5 bytes JMP 0000000077860220
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                         0000000077702b80 5 bytes JMP 0000000077860280
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                              00000000774eef8d 1 byte [62]
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                           000007fefe256e00 5 bytes JMP 000007ff7e271dac
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                               000007fefe256f2c 5 bytes JMP 000007ff7e270ecc
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                               000007fefe257220 5 bytes JMP 000007ff7e271284
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                              000007fefe25739c 5 bytes JMP 000007ff7e27163c
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                              000007fefe257538 5 bytes JMP 000007ff7e2719f4
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                     000007fefe2575e8 5 bytes JMP 000007ff7e2703a4
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                     000007fefe25790c 5 bytes JMP 000007ff7e27075c
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4464] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                      000007fefe257ab4 5 bytes JMP 000007ff7e270b14
.text  C:\Windows\system32\conhost.exe[4524] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                           000007fefe256e00 5 bytes JMP 000007ff7e271dac
.text  C:\Windows\system32\conhost.exe[4524] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                               000007fefe256f2c 5 bytes JMP 000007ff7e270ecc
.text  C:\Windows\system32\conhost.exe[4524] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                               000007fefe257220 5 bytes JMP 000007ff7e271284
.text  C:\Windows\system32\conhost.exe[4524] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                              000007fefe25739c 5 bytes JMP 000007ff7e27163c
.text  C:\Windows\system32\conhost.exe[4524] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                              000007fefe257538 5 bytes JMP 000007ff7e2719f4
.text  C:\Windows\system32\conhost.exe[4524] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                     000007fefe2575e8 5 bytes JMP 000007ff7e2703a4
.text  C:\Windows\system32\conhost.exe[4524] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                     000007fefe25790c 5 bytes JMP 000007ff7e27075c
.text  C:\Windows\system32\conhost.exe[4524] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                                      000007fefe257ab4 5 bytes JMP 000007ff7e270b14
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                         00000000776d3b10 5 bytes JMP 000000010029075c
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                           00000000776d7ac0 5 bytes JMP 00000001002903a4
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                               0000000077701360 5 bytes JMP 0000000077860460
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                        00000000777013b0 5 bytes JMP 0000000077860450
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                              0000000077701430 3 bytes JMP 0000000100290b14
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 4                                                                          0000000077701434 1 byte [88]
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                  0000000077701490 3 bytes JMP 0000000100290ecc
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 4                                                                              0000000077701494 1 byte [88]
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                        0000000077701510 5 bytes JMP 0000000077860370
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                             0000000077701560 5 bytes JMP 0000000077860470
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                   0000000077701570 5 bytes JMP 000000010029163c
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                        0000000077701620 5 bytes JMP 0000000077860320
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                 0000000077701650 5 bytes JMP 00000000778603b0
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                    0000000077701670 5 bytes JMP 0000000077860390
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                          00000000777016b0 5 bytes JMP 00000000778602e0
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                        0000000077701730 5 bytes JMP 00000000778602d0
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                      0000000077701750 5 bytes JMP 0000000077860310
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                       0000000077701790 5 bytes JMP 00000000778603c0
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                               00000000777017b0 3 bytes JMP 0000000100291284
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 4                                                                           00000000777017b4 1 byte [88]
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                    00000000777017e0 5 bytes JMP 00000000778603f0
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                       0000000077701940 5 bytes JMP 0000000077860230
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000077701b00 5 bytes JMP 0000000077860480
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                           0000000077701b30 5 bytes JMP 00000000778603a0
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                    0000000077701c10 5 bytes JMP 00000000778602f0
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                 0000000077701c20 5 bytes JMP 0000000077860350
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                       0000000077701c80 5 bytes JMP 0000000077860290
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                    0000000077701d10 5 bytes JMP 00000000778602b0
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077701d30 5 bytes JMP 00000000778603d0
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                        0000000077701d40 5 bytes JMP 0000000077860330
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                 0000000077701db0 5 bytes JMP 0000000077860410
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                    0000000077701de0 5 bytes JMP 0000000077860240
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                         00000000777020a0 5 bytes JMP 00000000778601e0
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                    0000000077702160 5 bytes JMP 0000000077860250
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                    0000000077702190 5 bytes JMP 0000000077860490
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                           00000000777021a0 5 bytes JMP 00000000778604a0
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                      00000000777021d0 5 bytes JMP 0000000077860300
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                   00000000777021e0 5 bytes JMP 0000000077860360
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                         0000000077702240 5 bytes JMP 00000000778602a0
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                      0000000077702290 5 bytes JMP 00000000778602c0
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                         00000000777022c0 5 bytes JMP 0000000077860380
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                          00000000777022d0 5 bytes JMP 0000000077860340
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                   00000000777025c0 5 bytes JMP 0000000077860440
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                  00000000777027c0 5 bytes JMP 0000000077860260
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                     00000000777027d0 5 bytes JMP 0000000077860270
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   00000000777027e0 3 bytes JMP 00000001002919f4
.text  C:\Windows\system32\conhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 4                                                                               00000000777027e4 1 byte [88]

12.08.2014, 20:23   #10
Change

GMER part 4
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                    0000000077701d10 5 bytes JMP 00000000778602b0
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077701d30 5 bytes JMP 00000000778603d0
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                        0000000077701d40 5 bytes JMP 0000000077860330
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                 0000000077701db0 5 bytes JMP 0000000077860410
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                    0000000077701de0 5 bytes JMP 0000000077860240
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                         00000000777020a0 5 bytes JMP 00000000778601e0
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                    0000000077702160 5 bytes JMP 0000000077860250
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                    0000000077702190 5 bytes JMP 0000000077860490
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                           00000000777021a0 5 bytes JMP 00000000778604a0
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                      00000000777021d0 5 bytes JMP 0000000077860300
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                   00000000777021e0 5 bytes JMP 0000000077860360
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                         0000000077702240 5 bytes JMP 00000000778602a0
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                      0000000077702290 5 bytes JMP 00000000778602c0
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                         00000000777022c0 5 bytes JMP 0000000077860380
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                          00000000777022d0 5 bytes JMP 0000000077860340
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                   00000000777025c0 5 bytes JMP 0000000077860440
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                  00000000777027c0 5 bytes JMP 0000000077860260
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                     00000000777027d0 5 bytes JMP 0000000077860270
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   00000000777027e0 5 bytes JMP 00000001002a19f4
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                               00000000777029a0 5 bytes JMP 00000000778601f0
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                00000000777029b0 5 bytes JMP 0000000077860210
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                     0000000077702a20 5 bytes JMP 0000000077860200
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                     0000000077702a80 5 bytes JMP 0000000077860420
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                      0000000077702a90 5 bytes JMP 0000000077860430
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                 0000000077702aa0 5 bytes JMP 0000000077860220
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                         0000000077702b80 5 bytes JMP 0000000077860280
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                           000007fefe256e00 5 bytes JMP 000007ff7e271dac
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                               000007fefe256f2c 5 bytes JMP 000007ff7e270ecc
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                               000007fefe257220 5 bytes JMP 000007ff7e271284
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                              000007fefe25739c 5 bytes JMP 000007ff7e27163c
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                              000007fefe257538 5 bytes JMP 000007ff7e2719f4
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                     000007fefe2575e8 5 bytes JMP 000007ff7e2703a4
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                     000007fefe25790c 5 bytes JMP 000007ff7e27075c
.text  C:\Windows\System32\svchost.exe[3704] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                                      000007fefe257ab4 5 bytes JMP 000007ff7e270b14
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[5836] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                           00000000774eef8d 1 byte [62]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6732] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                               00000000778afac0 5 bytes JMP 0000000100030600
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6732] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                   00000000778afb58 5 bytes JMP 0000000100030804
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6732] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                    00000000778afcb0 5 bytes JMP 0000000100030c0c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6732] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                00000000778b0038 5 bytes JMP 0000000100030a08
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6732] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                    00000000778b1920 5 bytes JMP 0000000100030e10
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6732] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                            00000000778cc4dd 5 bytes JMP 00000001000301f8
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6732] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                          00000000778d1287 5 bytes JMP 00000001000303fc
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6732] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                               0000000075efa2fd 1 byte [62]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6732] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                            00000000759e5181 5 bytes JMP 00000001000d1014
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6732] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                00000000759e5254 5 bytes JMP 00000001000d0804
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6732] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                00000000759e53d5 5 bytes JMP 00000001000d0a08
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6732] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                               00000000759e54c2 5 bytes JMP 00000001000d0c0c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6732] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                               00000000759e55e2 5 bytes JMP 00000001000d0e10
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6732] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                      00000000759e567c 5 bytes JMP 00000001000d01f8
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6732] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                      00000000759e589f 5 bytes JMP 00000001000d03fc
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6732] C:\Windows\SysWOW64\sechost.dll!DeleteService                                       00000000759e5a22 5 bytes JMP 00000001000d0600
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6732] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                      00000000770aee09 5 bytes JMP 00000001000e01f8
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6732] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                       00000000770b3982 5 bytes JMP 00000001000e03fc
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6732] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                    00000000770b7603 5 bytes JMP 00000001000e0804
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6732] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                    00000000770b835c 5 bytes JMP 00000001000e0600
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6732] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                  00000000770cf52b 5 bytes JMP 00000001000e0a08
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2280] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                       00000000778afac0 5 bytes JMP 0000000100030600
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2280] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                           00000000778afb58 5 bytes JMP 0000000100030804
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2280] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                            00000000778afcb0 5 bytes JMP 0000000100030c0c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2280] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                        00000000778b0038 5 bytes JMP 0000000100030a08
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2280] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                            00000000778b1920 5 bytes JMP 0000000100030e10
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2280] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                    00000000778cc4dd 5 bytes JMP 00000001000301f8
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2280] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                  00000000778d1287 5 bytes JMP 00000001000303fc
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2280] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                       0000000075efa2fd 1 byte [62]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2280] C:\Windows\syswow64\USER32.dll!SetWinEventHook                              00000000770aee09 5 bytes JMP 00000001001001f8
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2280] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                               00000000770b3982 5 bytes JMP 00000001001003fc
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2280] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                            00000000770b7603 5 bytes JMP 0000000100100804
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2280] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                            00000000770b835c 5 bytes JMP 0000000100100600
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2280] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                          00000000770cf52b 5 bytes JMP 0000000100100a08
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2280] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                    00000000759e5181 5 bytes JMP 0000000100111014
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2280] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                        00000000759e5254 5 bytes JMP 0000000100110804
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2280] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                        00000000759e53d5 5 bytes JMP 0000000100110a08
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2280] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                       00000000759e54c2 5 bytes JMP 0000000100110c0c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2280] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                       00000000759e55e2 5 bytes JMP 0000000100110e10
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2280] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                              00000000759e567c 5 bytes JMP 00000001001101f8
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2280] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                              00000000759e589f 5 bytes JMP 00000001001103fc
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2280] C:\Windows\SysWOW64\sechost.dll!DeleteService                               00000000759e5a22 5 bytes JMP 0000000100110600
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                         00000000776d3b10 5 bytes JMP 000000010027075c
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                           00000000776d7ac0 5 bytes JMP 00000001002703a4
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                               0000000077701360 5 bytes JMP 0000000077860460
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                        00000000777013b0 5 bytes JMP 0000000077860450
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                              0000000077701430 5 bytes JMP 0000000100270b14
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                  0000000077701490 5 bytes JMP 0000000100270ecc
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                        0000000077701510 5 bytes JMP 0000000077860370
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                             0000000077701560 5 bytes JMP 0000000077860470
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                   0000000077701570 5 bytes JMP 000000010027163c
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                        0000000077701620 5 bytes JMP 0000000077860320
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                 0000000077701650 5 bytes JMP 00000000778603b0
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                    0000000077701670 5 bytes JMP 0000000077860390
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                          00000000777016b0 5 bytes JMP 00000000778602e0
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                        0000000077701730 5 bytes JMP 00000000778602d0
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                      0000000077701750 5 bytes JMP 0000000077860310
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                       0000000077701790 5 bytes JMP 00000000778603c0
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                               00000000777017b0 5 bytes JMP 0000000100271284
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                    00000000777017e0 5 bytes JMP 00000000778603f0
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                       0000000077701940 5 bytes JMP 0000000077860230
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000077701b00 5 bytes JMP 0000000077860480
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                           0000000077701b30 5 bytes JMP 00000000778603a0
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                    0000000077701c10 5 bytes JMP 00000000778602f0
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                 0000000077701c20 5 bytes JMP 0000000077860350
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                       0000000077701c80 5 bytes JMP 0000000077860290
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                    0000000077701d10 5 bytes JMP 00000000778602b0
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077701d30 5 bytes JMP 00000000778603d0
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                        0000000077701d40 5 bytes JMP 0000000077860330
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                 0000000077701db0 5 bytes JMP 0000000077860410
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                    0000000077701de0 5 bytes JMP 0000000077860240
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                         00000000777020a0 5 bytes JMP 00000000778601e0
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                    0000000077702160 5 bytes JMP 0000000077860250
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                    0000000077702190 5 bytes JMP 0000000077860490
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                           00000000777021a0 5 bytes JMP 00000000778604a0
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                      00000000777021d0 5 bytes JMP 0000000077860300
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                   00000000777021e0 5 bytes JMP 0000000077860360
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                         0000000077702240 5 bytes JMP 00000000778602a0
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                      0000000077702290 5 bytes JMP 00000000778602c0
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                         00000000777022c0 5 bytes JMP 0000000077860380
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                          00000000777022d0 5 bytes JMP 0000000077860340
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                   00000000777025c0 5 bytes JMP 0000000077860440
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                  00000000777027c0 5 bytes JMP 0000000077860260
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                     00000000777027d0 5 bytes JMP 0000000077860270
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   00000000777027e0 5 bytes JMP 00000001002719f4
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                               00000000777029a0 5 bytes JMP 00000000778601f0
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                00000000777029b0 5 bytes JMP 0000000077860210
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                     0000000077702a20 5 bytes JMP 0000000077860200
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                     0000000077702a80 5 bytes JMP 0000000077860420
.text  C:\Windows\System32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                      0000000077702a90 5 bytes JMP 0000000077860430

---- EOF - GMER 2.1 ----
         

13.08.2014, 11:33   #11
schrauber
/// the machine
/// TB trainer
 




Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options ("Optionen") and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Clean ("Löschen") and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please start it via right-click and "Run as administrator" ("als Administrator ausführen").
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

13.08.2014, 12:34   #12
Change
 



AdwCleaner
Code:
# AdwCleaner v3.304 - Bericht erstellt am 13/08/2014 um 13:16:52
# Aktualisiert 08/08/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Jonas - JONAS-PC
# Gestartet von : C:\Users\Jonas\Desktop\adwcleaner_3.304.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : AppleChargerSrv

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\QuickSet
Ordner Gelöscht : C:\ProgramData\Uniblue
Ordner Gelöscht : C:\Users\Jonas\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Jonas\Documents\PC Speed Maximizer
Datei Gelöscht : C:\Windows\System32\AppleChargerSrv.exe
Datei Gelöscht : C:\Users\Jonas\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\hurdl8zv.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\hurdl8zv.default\user.js

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Uniblue

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\hurdl8zv.default\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ Datei : C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1967 octets] - [13/08/2014 13:16:31]
AdwCleaner[S0].txt - [1739 octets] - [13/08/2014 13:16:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1799 octets] ##########
         
JRT (it had to restart after a suspicious module that it wanted to delete)
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x64
Ran by Jonas on 13.08.2014 at 13:21:01,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.08.2014 at 13:23:50,75
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014
Ran by Jonas (administrator) on JONAS-PC on 13-08-2014 13:25:08
Running from C:\Users\Jonas\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(shbox.de) D:\Programme 32\FreePDF_XP\fpassist.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-06] (Intel Corporation)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [FreePDF Assistant] => D:\Programme 32\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2447308508-773045781-2490511535-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2447308508-773045781-2490511535-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-2447308508-773045781-2490511535-1000\...\MountPoints2: {1dc98824-26f0-11e3-b095-94de80b85b53} - G:\autorun.exe
HKU\S-1-5-21-2447308508-773045781-2490511535-1000\...\MountPoints2: {a192af66-fc43-11e3-93fe-94de80b85b53} - G:\setup.exe
HKU\S-1-5-21-2447308508-773045781-2490511535-1000\...\MountPoints2: {f61e4471-fcac-11e3-af77-94de80b85b53} - G:\AoKSetup.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} =>  No File
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} =>  No File
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x56C9E06BEEBACE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/androidnews/
StartMenuInternet: IEXPLORE.EXE - D:\Programme\Internet Explorer\iexplore.exe
BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\hurdl8zv.default
FF Homepage: hxxp://google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> D:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> D:\Programme\VLC Player\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> D:\Programme\VLC Player\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> D:\Programme\VLC Player\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll No File
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Extension: Battlefield Play4Free - C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\hurdl8zv.default\Extensions\battlefieldplay4free@ea.com [2013-11-27]
FF Extension: Html Validator - C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\hurdl8zv.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [2014-06-16]
FF Extension: Firebug - C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\hurdl8zv.default\Extensions\firebug@software.joehewitt.com.xpi [2013-09-26]
FF Extension: Ghostery - C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\hurdl8zv.default\Extensions\firefox@ghostery.com.xpi [2014-01-20]
FF Extension: Firepicker - C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\hurdl8zv.default\Extensions\firepicker@thedarkone.xpi [2013-12-03]
FF Extension: {3b49186e-e6b2-4341-903b-93de5bf62889} - C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\hurdl8zv.default\Extensions\{3b49186e-e6b2-4341-903b-93de5bf62889}.xpi [2013-11-07]
FF Extension: Unity Web Player Plugin Light - C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\hurdl8zv.default\Extensions\{6d94ccdc-4e75-40eb-8e5e-17a8dffdf5bf}.xpi [2013-11-07]
FF Extension: Adblock Plus - C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\hurdl8zv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-26]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-26]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-10-27]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF StartMenuInternet: FIREFOX.EXE - D:\Programme 32\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Wallet) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-01-07] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-01-07] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-06-28] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-16] ()
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-25] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2000-01-01] (Synaptics Incorporated)
S3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2013-07-19] (Creative Technology Ltd.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21584 2013-05-06] ()
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 13:25 - 2014-08-13 13:25 - 00025661 _____ () C:\Users\Jonas\Desktop\FRST.txt
2014-08-13 13:24 - 2014-08-13 13:24 - 00000000 ____D () C:\Users\Jonas\Desktop\FRST-OlderVersion
2014-08-13 13:23 - 2014-08-13 13:23 - 00000718 _____ () C:\Users\Jonas\Desktop\JRT.txt
2014-08-13 13:18 - 2014-08-13 13:18 - 00000000 ____D () C:\Windows\ERUNT
2014-08-13 13:16 - 2014-08-13 13:16 - 00000000 ____D () C:\AdwCleaner
2014-08-13 13:16 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-13 12:37 - 2014-08-13 12:37 - 01366203 _____ () C:\Users\Jonas\Desktop\adwcleaner_3.304.exe
2014-08-13 12:37 - 2014-08-13 12:37 - 01016261 _____ (Thisisu) C:\Users\Jonas\Desktop\JRT.exe
2014-08-12 22:36 - 2014-08-12 22:36 - 06004615 _____ (Tim Kosse) C:\Users\Jonas\Downloads\FileZilla_3.9.0.2_win32-setup.exe
2014-08-12 19:50 - 2014-08-12 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2014-08-12 12:23 - 2014-08-12 12:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2014-08-12 11:04 - 2014-08-12 11:04 - 00000678 _____ () C:\Users\Jonas\Desktop\PROJEKTE.lnk
2014-08-12 00:18 - 2014-08-12 20:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-12 00:18 - 2014-08-12 00:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-12 00:18 - 2014-08-12 00:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-12 00:18 - 2014-08-12 00:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-12 00:18 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-12 00:18 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-12 00:18 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-12 00:04 - 2014-08-12 00:04 - 00000000 _____ () C:\Users\Jonas\defogger_reenable
2014-08-11 23:27 - 2014-08-12 00:41 - 00000000 ____D () C:\Users\Jonas\Desktop\Scan
2014-08-11 23:03 - 2014-08-13 13:25 - 00000000 ____D () C:\FRST
2014-08-11 23:02 - 2014-08-13 13:24 - 02100224 _____ (Farbar) C:\Users\Jonas\Desktop\FRST64.exe
2014-08-11 19:14 - 2014-08-11 19:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-08-11 19:14 - 2014-08-11 19:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-08-11 19:12 - 2014-08-11 19:23 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\MyPhoneExplorer
2014-08-11 19:12 - 2014-08-11 19:12 - 00000000 ____D () C:\Users\Jonas\.android
2014-08-11 19:11 - 2014-08-11 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-08-02 22:25 - 2014-08-13 01:43 - 00000000 ____D () C:\Users\Jonas\Documents\FIFA World
2014-08-02 22:23 - 2014-08-02 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports FIFA World
2014-08-01 20:44 - 2014-08-01 20:45 - 00000000 ____D () C:\Users\Jonas\Documents\New Unity Project
2014-08-01 20:43 - 2014-08-01 20:44 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Unity
2014-08-01 20:40 - 2014-08-12 11:06 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Unity
2014-08-01 20:40 - 2014-08-01 20:45 - 00000000 ____D () C:\ProgramData\Unity
2014-08-01 20:40 - 2014-08-01 20:40 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Apple Computer
2014-08-01 20:40 - 2014-08-01 20:40 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Apple Computer
2014-08-01 20:39 - 2014-08-12 11:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
2014-08-01 20:39 - 2014-08-01 20:39 - 00000000 ____D () C:\Users\Public\Documents\Unity Projects
2014-08-01 15:06 - 2014-08-01 15:06 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2014-08-01 09:03 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 09:03 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 09:03 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 09:03 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 09:03 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 09:03 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 09:03 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 09:03 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 09:03 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 09:03 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 09:03 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 09:03 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 09:03 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 09:03 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 03:03 - 2014-07-02 19:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-07-30 03:02 - 2014-07-02 22:48 - 24196896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 22994208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 17555104 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 16122344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 13922752 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 13835208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 12866008 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-07-30 03:02 - 2014-07-02 22:48 - 11283344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 11222048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 04247000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 03989960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 01890080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434052.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 01539928 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434052.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 00944928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 00907096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 00903624 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 00869152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 00846832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 00502232 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 00418760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 00391640 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 00348120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-07-30 03:02 - 2014-07-02 22:48 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-07-19 14:32 - 2014-08-12 18:04 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\VMware
2014-07-19 14:32 - 2014-08-12 18:04 - 00000000 ____D () C:\Users\Jonas\AppData\Local\VMware
2014-07-19 14:16 - 2014-08-12 18:04 - 00000000 ____D () C:\ProgramData\VMware
2014-07-19 14:16 - 2014-07-19 14:16 - 00001024 _____ () C:\Windows\SysWOW64\%TMP%
2014-07-19 14:09 - 2014-07-15 16:16 - 00863528 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-07-19 14:09 - 2014-07-15 16:15 - 00129168 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-07-17 16:04 - 2014-07-17 16:04 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN Movie Creator
2014-07-17 16:04 - 2014-07-17 16:04 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-07-17 15:50 - 2014-07-21 02:06 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Sony
2014-07-17 15:49 - 2014-07-17 15:50 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Sony
2014-07-17 14:14 - 2014-07-25 11:39 - 00001017 _____ () C:\Users\Jonas\Desktop\Dropbox.lnk
2014-07-17 14:07 - 2014-08-13 13:21 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Dropbox
2014-07-17 14:07 - 2014-07-25 11:39 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-15 23:26 - 2014-04-07 13:07 - 06715624 _____ (TomTom International B.V.) C:\Users\Jonas\Downloads\InstallMyDriveConnect_3_3_0_1502.exe
2014-07-15 23:24 - 2014-07-15 23:24 - 00000000 ____D () C:\Users\Jonas\Documents\TomTom
2014-07-15 23:24 - 2014-07-15 23:24 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\TomTom
2014-07-15 23:23 - 2014-07-15 23:23 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Downloaded Installations
2014-07-15 16:15 - 2014-07-15 16:15 - 00142528 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2014-07-15 16:13 - 2014-07-15 16:13 - 00205352 ____N (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2014-07-14 22:47 - 2014-07-14 22:47 - 00293040 _____ () C:\Windows\Minidump\071414-5959-01.dmp
2014-07-14 00:54 - 2014-07-14 00:54 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Ubisoft

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 13:25 - 2014-08-13 13:25 - 00025661 _____ () C:\Users\Jonas\Desktop\FRST.txt
2014-08-13 13:25 - 2014-08-11 23:03 - 00000000 ____D () C:\FRST
2014-08-13 13:24 - 2014-08-13 13:24 - 00000000 ____D () C:\Users\Jonas\Desktop\FRST-OlderVersion
2014-08-13 13:24 - 2014-08-11 23:02 - 02100224 _____ (Farbar) C:\Users\Jonas\Desktop\FRST64.exe
2014-08-13 13:24 - 2013-09-26 20:11 - 01615930 _____ () C:\Windows\WindowsUpdate.log
2014-08-13 13:23 - 2014-08-13 13:23 - 00000718 _____ () C:\Users\Jonas\Desktop\JRT.txt
2014-08-13 13:21 - 2014-07-17 14:07 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Dropbox
2014-08-13 13:21 - 2013-11-22 12:28 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-13 13:21 - 2013-10-16 21:01 - 00000000 ____D () C:\Users\Jonas\AppData\Local\FreePDF_XP
2014-08-13 13:21 - 2013-09-26 23:21 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Skype
2014-08-13 13:21 - 2009-07-14 06:51 - 00112004 _____ () C:\Windows\setupact.log
2014-08-13 13:20 - 2013-09-26 21:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-13 13:20 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-13 13:20 - 2009-07-14 06:45 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-13 13:20 - 2009-07-14 06:45 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-13 13:18 - 2014-08-13 13:18 - 00000000 ____D () C:\Windows\ERUNT
2014-08-13 13:17 - 2013-09-26 21:35 - 00210094 _____ () C:\Windows\PFRO.log
2014-08-13 13:16 - 2014-08-13 13:16 - 00000000 ____D () C:\AdwCleaner
2014-08-13 13:08 - 2013-09-29 16:19 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-08-13 13:08 - 2013-09-29 16:19 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-08-13 12:59 - 2013-11-22 12:28 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-13 12:37 - 2014-08-13 12:37 - 01366203 _____ () C:\Users\Jonas\Desktop\adwcleaner_3.304.exe
2014-08-13 12:37 - 2014-08-13 12:37 - 01016261 _____ (Thisisu) C:\Users\Jonas\Desktop\JRT.exe
2014-08-13 12:30 - 2013-10-12 14:30 - 00001456 _____ () C:\Users\Jonas\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-08-13 12:30 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-08-13 12:30 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-08-13 12:30 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-13 12:28 - 2013-09-28 13:18 - 00000000 ____D () C:\ProgramData\Origin
2014-08-13 02:46 - 2013-10-09 12:46 - 00000000 ____D () C:\Users\Jonas\AppData\Local\TGitCache
2014-08-13 02:43 - 2013-09-26 23:16 - 00000000 ___RD () C:\Users\Jonas\Desktop\Programme
2014-08-13 01:43 - 2014-08-02 22:25 - 00000000 ____D () C:\Users\Jonas\Documents\FIFA World
2014-08-12 22:43 - 2013-11-07 21:27 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\FileZilla
2014-08-12 22:36 - 2014-08-12 22:36 - 06004615 _____ (Tim Kosse) C:\Users\Jonas\Downloads\FileZilla_3.9.0.2_win32-setup.exe
2014-08-12 21:47 - 2013-10-07 11:26 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\vlc
2014-08-12 20:36 - 2014-08-12 00:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-12 19:50 - 2014-08-12 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2014-08-12 18:04 - 2014-07-19 14:32 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\VMware
2014-08-12 18:04 - 2014-07-19 14:32 - 00000000 ____D () C:\Users\Jonas\AppData\Local\VMware
2014-08-12 18:04 - 2014-07-19 14:16 - 00000000 ____D () C:\ProgramData\VMware
2014-08-12 12:23 - 2014-08-12 12:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2014-08-12 11:12 - 2013-09-26 21:34 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-12 11:06 - 2014-08-01 20:40 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Unity
2014-08-12 11:05 - 2014-08-01 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
2014-08-12 11:04 - 2014-08-12 11:04 - 00000678 _____ () C:\Users\Jonas\Desktop\PROJEKTE.lnk
2014-08-12 00:41 - 2014-08-11 23:27 - 00000000 ____D () C:\Users\Jonas\Desktop\Scan
2014-08-12 00:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Registration
2014-08-12 00:18 - 2014-08-12 00:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-12 00:18 - 2014-08-12 00:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-12 00:18 - 2014-08-12 00:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-12 00:17 - 2009-07-14 04:34 - 00000540 _____ () C:\Windows\win.ini
2014-08-12 00:04 - 2014-08-12 00:04 - 00000000 _____ () C:\Users\Jonas\defogger_reenable
2014-08-12 00:04 - 2013-09-26 20:11 - 00000000 ____D () C:\Users\Jonas
2014-08-11 19:23 - 2014-08-11 19:12 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\MyPhoneExplorer
2014-08-11 19:14 - 2014-08-11 19:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-08-11 19:14 - 2014-08-11 19:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-08-11 19:12 - 2014-08-11 19:12 - 00000000 ____D () C:\Users\Jonas\.android
2014-08-11 19:11 - 2014-08-11 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-08-11 11:48 - 2013-12-09 20:32 - 00001062 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-09 20:49 - 2013-09-26 23:21 - 00000000 ____D () C:\ProgramData\Skype
2014-08-07 10:15 - 2013-09-27 00:54 - 00363706 _____ () C:\Windows\DirectX.log
2014-08-02 22:23 - 2014-08-02 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports FIFA World
2014-08-02 22:23 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-02 15:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-01 20:45 - 2014-08-01 20:40 - 00000000 ____D () C:\ProgramData\Unity
2014-08-01 20:44 - 2014-08-01 20:43 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Unity
2014-08-01 20:40 - 2014-08-01 20:40 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Apple Computer
2014-08-01 20:40 - 2014-08-01 20:40 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Apple Computer
2014-08-01 20:39 - 2014-08-01 20:39 - 00000000 ____D () C:\Users\Public\Documents\Unity Projects
2014-08-01 15:06 - 2014-08-01 15:06 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2014-07-31 12:16 - 2013-09-26 22:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 13:22 - 2013-09-26 23:45 - 00000000 ___RD () C:\Users\Jonas\Desktop\Spiele
2014-07-30 13:10 - 2014-06-25 23:15 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2014-07-30 03:08 - 2013-11-20 10:45 - 00000000 ____D () C:\Users\Jonas\AppData\Local\NVIDIA Corporation
2014-07-30 03:03 - 2013-09-26 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-07-30 03:03 - 2013-09-26 21:22 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-30 03:02 - 2013-09-26 21:22 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-25 15:50 - 2014-06-03 08:11 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-07-25 15:50 - 2014-06-03 08:11 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-07-25 15:50 - 2013-11-07 22:20 - 01283136 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-07-25 15:50 - 2013-11-07 22:20 - 01126480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-07-25 11:39 - 2014-07-17 14:14 - 00001017 _____ () C:\Users\Jonas\Desktop\Dropbox.lnk
2014-07-25 11:39 - 2014-07-17 14:07 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-21 12:40 - 2014-06-16 11:40 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Adobe
2014-07-21 02:06 - 2014-07-17 15:50 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Sony
2014-07-19 14:16 - 2014-07-19 14:16 - 00001024 _____ () C:\Windows\SysWOW64\%TMP%
2014-07-19 14:16 - 2013-09-26 21:21 - 01648846 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-17 16:04 - 2014-07-17 16:04 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN Movie Creator
2014-07-17 16:04 - 2014-07-17 16:04 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-07-17 15:50 - 2014-07-17 15:49 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Sony
2014-07-15 23:35 - 2014-01-08 01:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2014-07-15 23:24 - 2014-07-15 23:24 - 00000000 ____D () C:\Users\Jonas\Documents\TomTom
2014-07-15 23:24 - 2014-07-15 23:24 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\TomTom
2014-07-15 23:24 - 2014-01-08 01:53 - 00000000 ____D () C:\Users\Jonas\AppData\Local\TomTom
2014-07-15 23:24 - 2014-01-08 01:53 - 00000000 ____D () C:\Program Files (x86)\TomTom International B.V
2014-07-15 23:23 - 2014-07-15 23:23 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Downloaded Installations
2014-07-15 16:16 - 2014-07-19 14:09 - 00863528 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-07-15 16:15 - 2014-07-19 14:09 - 00129168 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-07-15 16:15 - 2014-07-15 16:15 - 00142528 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2014-07-15 16:13 - 2014-07-15 16:13 - 00205352 ____N (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2014-07-14 22:47 - 2014-07-14 22:47 - 00293040 _____ () C:\Windows\Minidump\071414-5959-01.dmp
2014-07-14 22:47 - 2014-01-30 21:39 - 00000000 ____D () C:\Windows\Minidump
2014-07-14 00:54 - 2014-07-14 00:54 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Ubisoft

Some content of TEMP:
====================
C:\Users\Jonas\AppData\Local\Temp\AdobeDownloadAssistant.exe
C:\Users\Jonas\AppData\Local\Temp\CRCCheck.exe
C:\Users\Jonas\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Jonas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptadsgr.dll
C:\Users\Jonas\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Jonas\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Jonas\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Jonas\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Jonas\AppData\Local\Temp\npp.6.5.1.Installer.exe
C:\Users\Jonas\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Jonas\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Jonas\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Jonas\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Jonas\AppData\Local\Temp\nvStInst.exe
C:\Users\Jonas\AppData\Local\Temp\PicaJet.Daminion._d02b882f.dll
C:\Users\Jonas\AppData\Local\Temp\Quarantine.exe
C:\Users\Jonas\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Jonas\AppData\Local\Temp\sdapskill.exe
C:\Users\Jonas\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Jonas\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Jonas\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jonas\AppData\Local\Temp\sonarinst.exe
C:\Users\Jonas\AppData\Local\Temp\ubi1FD0.tmp.exe
C:\Users\Jonas\AppData\Local\Temp\ubiDD91.tmp.exe
C:\Users\Jonas\AppData\Local\Temp\uninstall_flash_player.exe
C:\Users\Jonas\AppData\Local\Temp\vlc-2.1.2-win64.exe
C:\Users\Jonas\AppData\Local\Temp\vlc-2.1.4-win64.exe
C:\Users\Jonas\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Jonas\AppData\Local\Temp\_is7CED.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 09:42

==================== End Of Log ============================
         
--- --- ---

Alt 13.08.2014, 12:35   #13
Change
 

Addition.txt Part 1
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-08-2014
Ran by Jonas at 2014-08-13 13:25:25
Running from C:\Users\Jonas\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1400 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
1400_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
1400Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\{E94EFAB6-653F-4837-9E8A-F6377CA1EC0D}) (Version: 11.8.800.175 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Aptana Studio 3 (HKLM-x32\...\Aptana Studio 3) (Version: 3.4.2 - Appcelerator, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 8.0.1497.0 - AVAST Software)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.3825 - Electronic Arts)
Battlefield™ Hardline Beta (HKLM-x32\...\{599276A7-F45D-40B1-A0B6-CF132A1CAD49}) (Version: 1.0.0.5 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
CPUID HWMonitor 1.23 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Dia (nur entfernen) (HKLM-x32\...\Dia) (Version:  - )
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
EA Sports FIFA World (HKLM-x32\...\{8F9AC744-EEF6-43DB-A4B6-FA1A18F1C640}) (Version: 7.0.0.47449 - Electronic Arts, Inc.)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
FileZilla Client 3.8.1 (HKCU\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
Git version 1.8.4-preview20130916 (HKLM-x32\...\Git_is1) (Version: 1.8.4-preview20130916 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Management Engine Components (Version: 10.0.0.1204 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3071 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.100 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
Java 7 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417040FF}) (Version: 7.0.400 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
Magic 2014  (HKLM-x32\...\Steam App 213850) (Version:  - Stainless Games)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
Neat Image v7.5.0 Demo Standalone (HKLM\...\Neat Image Standalone_is1) (Version:  - Neat Image team, ABSoft)
NetBeans IDE 7.4 (HKLM\...\nbi-nb-base-7.4.0.0.201310111528) (Version: 7.4 - NetBeans.org)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
ON_OFF Charge 2 B13.0506.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.0506.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.6.4643 - Electronic Arts, Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PKR (HKLM-x32\...\PKR) (Version:  - PKR Ltd)
PlanetSide 2 (HKCU\...\SOE-PlanetSide 2) (Version:  - Sony Online Entertainment)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
PremiumSoft Navicat 11.0 for MySQL (HKLM\...\PremiumSoft Navicat for MySQL_is1) (Version: 11.0.11 - PremiumSoft CyberTech Ltd.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7209 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Ruby 2.0.0-p247-x64 (HKCU\...\{B5BD4615-7C8A-4E50-9179-71B593CA6B67}_is1) (Version: 2.0.0-p247 - RubyInstaller Team)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sound Blaster Tactic(3D) (HKLM-x32\...\{92000C16-939B-44CA-802F-0D552019D7C8}) (Version: 1.0 - Creative Technology Limited)
SQLyog 9.20 (HKLM-x32\...\SQLyog) (Version: 9.20 - Webyog Softworks Pvt. Ltd.)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TortoiseGit 1.8.7.0 (64 bit) (HKLM\...\{B7307613-51D1-40EA-80CD-4A5A71CC657B}) (Version: 1.8.7.0 - TortoiseGit)
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft)
VideoLAN Movie Creator (HKLM-x32\...\VLMC) (Version:  - )
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WhoCrashed 5.01 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 3.3.5.12340 - Blizzard Entertainment)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-4 - Bitnami)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> D:\Programme\OpenOffice\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> D:\Programme\OpenOffice\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> D:\Programme\OpenOffice\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> D:\Programme\OpenOffice\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> D:\Programme\OpenOffice\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> D:\Programme\OpenOffice\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> D:\Programme 32\Git\git-cheetah\git_shell_ext64.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0031-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0031-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0032-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0032-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0036-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0036-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0037-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0037-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0038-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0038-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0039-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0039-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0040-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0040-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0041-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0041-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0042-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0042-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0043-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0043-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0037-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0037-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0037-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0039-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0039-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0039-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0042-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0042-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0042-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0044-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0044-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0044-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0046-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0046-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0046-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0047-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0047-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0047-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0048-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0048-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0048-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0049-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0049-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0049-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0050-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0050-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0050-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0051-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0051-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0051-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()

13.08.2014, 12:36   #14
Change

Windows 7: Yawtix ads

Addition.txt Part 2
Code:
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0022-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0022-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0022-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0023-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0023-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0023-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0024-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0024-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0024-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0026-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0026-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0026-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0027-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0027-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0027-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0028-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0028-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0028-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0029-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0029-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0029-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0030-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0030-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0030-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0031-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0031-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0031-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0032-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0032-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0032-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0033-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0033-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0033-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0034-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0034-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0034-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0035-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0035-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0035-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0036-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0036-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0036-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0037-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0037-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0037-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0038-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0038-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0038-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0039-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0039-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0039-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0040-ABCDEFFEDCBB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0040-ABCDEFFEDCBC}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32 -> D:\Programme\Java\jre7\bin\jp2iexp.dll ()
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2447308508-773045781-2490511535-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

07-08-2014 08:15:09 DirectX wurde installiert
08-08-2014 09:09:43 Windows Update
12-08-2014 08:44:49 Windows Update
12-08-2014 09:05:42 Revo Uninstaller's restore point - Unity
12-08-2014 09:06:38 Revo Uninstaller's restore point - Unity Web Player
12-08-2014 09:08:04 Revo Uninstaller's restore point - Grand Theft Auto IV Complete Edition MULTi-5 Plus EXTRAS 1.0
12-08-2014 15:51:06 Revo Uninstaller's restore point - XAMPP
12-08-2014 15:51:43 Revo Uninstaller's restore point - XAMPP
12-08-2014 15:59:25 Revo Uninstaller's restore point - VMware Workstation
12-08-2014 17:45:46 Revo Uninstaller's restore point - XAMPP

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-01-28 19:34 - 2014-02-10 21:18 - 00003599 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost 

There are 59 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {5F33BDBB-BEE3-4D10-A4EA-D5452ABB9681} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {8C194A7C-F879-42E6-95F9-25B525D34A49} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08] (Hewlett-Packard)
Task: {94A373DC-BABF-4F46-A5C7-605BDFD97CED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-22] (Google Inc.)
Task: {A2F0C76D-27B6-4E62-9A87-6898B83BC5B2} - System32\Tasks\AdobeAAMUpdater-1.0-Jonas-PC-Jonas => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated)
Task: {B10CE96C-2156-44B5-9D6F-9BF82F3891CC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {BCFD03DF-4683-4065-BCE5-E76CC32DA449} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-22] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-26 21:22 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-26 22:05 - 2010-06-17 20:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2014-06-28 10:23 - 2014-06-28 10:23 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-01-12 19:39 - 2014-01-12 19:39 - 00728424 _____ () D:\Programme\TortoiseGit\bin\libgit2.dll
2014-01-12 19:39 - 2014-01-12 19:39 - 00087400 _____ () D:\Programme\TortoiseGit\bin\zlib1.dll
2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-10-10 14:44 - 2013-09-16 12:15 - 00718377 _____ () D:\Programme 32\Git\git-cheetah\git_shell_ext64.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () D:\Programme 32\Notepad++\NppShell_05.dll
2014-08-12 23:46 - 2014-08-12 22:21 - 02811392 _____ () C:\Program Files\AVAST Software\Avast\defs\14081203\algo.dll
2014-01-12 19:31 - 2014-01-12 19:31 - 00550248 _____ () D:\Programme\TortoiseGit\bin\libgit232.dll
2014-01-12 19:31 - 2014-01-12 19:31 - 00077160 _____ () D:\Programme\TortoiseGit\bin\zlib132.dll
2014-08-13 13:21 - 2014-08-13 13:21 - 00043008 _____ () c:\users\jonas\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptadsgr.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Jonas\AppData\Roaming\Dropbox\bin\libcef.dll
2013-09-26 21:13 - 2013-03-12 13:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin                                                                                                                                                                     
MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: MyDriveConnect.exe => "C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe"
MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
MSCONFIG\startupreg: Steam => "D:\Programme 32\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe                                                                                                                                                                                                    
MSCONFIG\startupreg: vmware-tray.exe => "D:\Program Files (x86)\VMWare\vmware-tray.exe"

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/13/2014 01:24:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 10.8.2014.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c38

Startzeit: 01cfb6e92503015f

Endzeit: 10

Anwendungspfad: C:\Users\Jonas\Desktop\FRST64.exe

Berichts-ID: 67998b94-22dc-11e4-8be8-94de80b85b53


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (08/13/2014 01:24:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe10.8.2014.0c3801cfb6e92503015f10C:\Users\Jonas\Desktop\FRST64.exe67998b94-22dc-11e4-8be8-94de80b85b53


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz
Percentage of memory in use: 15%
Total physical RAM: 16328.99 MB
Available physical RAM: 13809.35 MB
Total Pagefile: 32656.16 MB
Available Pagefile: 30212.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.02 GB) (Free:19.63 GB) NTFS
Drive d: (Daten) (Fixed) (Total:931.39 GB) (Free:318.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Alt 13.08.2014, 20:41   #15
schrauber
/// the machine
/// TB Trainer
 

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No support via PM!
