Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: "plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 25.08.2014, 16:38   #1
TinaW5
 
"plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett - Standard

"plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett



Firefox schließt sich, wenn ich irgendwo ein Flashvideo anklicke.
Es kommt die Fehlermeldung "plugin container for firefox funktioniert nicht mehr".
Deinstallation von Firefox und Neuinstallation hat nicht geholfen. Adobe Flashplayer ist auf dem neuesten Stand.

defogger_disable Log
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:42 on 25/08/2014 (XXXXX_2)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST.txt
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by XXXXX_2 (administrator) on XXXXXS-ACER on 25-08-2014 16:44:13
Running from C:\Users\XXXXX_2\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Corel, Inc.) C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
() C:\Programme\FeedReader30\feedreader.exe
(J3S GmbH) C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\SysWOW64\PSIService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Dropbox, Inc.) C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files\Securepoint SSL VPN\SPOpenVPNService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Siliten) C:\Program Files (x86)\SilverCrest DMTS2017 Driver\KbClient_FD2.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Siliten) C:\Program Files (x86)\SilverCrest DMTS2017 Driver\MouClient_FD2.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA) F:\R+S Homepage\WS_FTP95.exe
(ConTEXT Project Ltd) C:\Program Files\ConTEXT\ConTEXT.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Corel) C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe [483144 2007-08-17] (Corel, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM-x32\...\Run: [Launch SilverCrest DMTS2017-K] => C:\Program Files (x86)\SilverCrest DMTS2017 Driver\KbClient_FD2.exe [1218048 2010-06-28] (Siliten)
HKLM-x32\...\Run: [Launch SilverCrest DMTS2017-M] => C:\Program Files (x86)\SilverCrest DMTS2017 Driver\MouClient_FD2.exe [860672 2010-06-28] (Siliten)
HKLM-x32\...\Run: [Corel Photo Downloader] => "C:\Program Files (x86)\Corel\Corel MediaOne\Corel PhotoDownloader.exe" -startup
HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [95504 2007-08-02] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [Standby] => C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe [105632 2010-05-17] (Corel)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [COMPUTER BILD Account-Alarm] => \COMPUTER BILD Account-Alarm /tray
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-24] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [Google Update] => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-23] (Google Inc.)
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911040 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [COMPUTER BILD Account-Alarm] => C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe [2058752 2014-08-07] (J3S GmbH)
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {49193dcf-b7da-11e1-85a0-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {5b63bcb4-48dd-11e1-92be-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {61431bdb-2fe2-11e2-98ec-1c7508023576} - G:\Startme.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {90066f53-bc5d-11e0-9e2a-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {a733176c-bc55-11e0-ac53-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {da0ccac9-ccf1-11e1-8983-1c7508023576} - G:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.soapreichundschoen.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default
FF Homepage: chrome://speeddial/content/speeddial.xul
FF NetworkProxy: "backup.ftp", "76.73.26.77"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "76.73.26.77"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "76.73.26.77"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "76.73.26.77"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "76.73.26.77"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "76.73.26.77"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "76.73.26.77"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\youtubeunblocker@unblocker.yt [2014-06-20]
FF Extension: DownloadHelper - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-08-23]
FF Extension: DSL Soforthilfe - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{} [2014-07-23]
FF Extension: Video Downloader professional - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\ffext_basicvideoext@startpage24.xpi [2014-08-23]
FF Extension: Stealthy - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\stealthyextension@gmail.com.xpi [2011-11-20]
FF Extension: Free Hide IP - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\support@free-hideip.com.xpi [2013-04-09]
FF Extension: Tab Auto Reload - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\TabAutoReload@schuzak.jp.xpi [2012-07-20]
FF Extension: Speed Dial - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2011-08-10]
FF Extension: NoScript - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-01-14]
FF Extension: Adblock Plus - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-07]
FF Extension: {de5aeb72-ad84-429a-bc36-a15da06270bc} - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{de5aeb72-ad84-429a-bc36-a15da06270bc}.xpi [2013-11-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-05-10]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2012-08-02]
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Programme\Video Converter Ultimate\SVRFirefoxExt
FF Extension: Wondershare Video Converter Ultimate - C:\Programme\Video Converter Ultimate\SVRFirefoxExt [2014-02-07]
FF HKLM-x32\...\Firefox\Extensions: [{78ee576f-36ab-4371-a938-48cd78cd469e}] - C:\Program Files (x86)\Security Utility\securityutility.xpi
FF Extension: No Name - C:\Program Files (x86)\Security Utility\securityutility.xpi [2014-05-29]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-16]
FF HKCU\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Programme\Video Converter Ultimate\SVRFirefoxExt

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: qvo6
CHR DefaultSearchProvider: qvo6
CHR DefaultSearchURL: hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A704768447684&ts=1374655597&type=default&q={searchTerms}
CHR DefaultSuggestURL: 
CHR Plugin: (Shockwave Flash) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Freemake np-plugin for google chrome) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U35) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (TVU Web Player for FireFox) - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (WEB.DE MailCheck) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2013-07-11]
CHR Extension: (Google Wallet) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-24] (AVAST Software)
R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
S2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] () [File not signed]
U2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 Securepoint VPN; C:\Program Files\Securepoint SSL VPN\SPOpenVPNService.exe [198024 2012-11-01] ()
S2 SkypeUpdate; C:\Programme\skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]
S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-24] ()
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
R2 NPF; C:\Windows\SysWOW64\drivers\npf.sys [50704 2010-03-22] (CACE Technologies, Inc.)
S1 PQNTDrv; C:\Windows\SysWow64\Drivers\PQNTDrv.sys [4228 2002-09-16] (PowerQuest Corporation) [File not signed]
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 wmvad_simple; C:\Windows\System32\drivers\wmvad.sys [23040 2010-12-10] (WonderMedia Technologies, Inc.)
R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 16:44 - 2014-08-25 16:45 - 00029086 _____ () C:\Users\XXXXX_2\Desktop\FRST.txt
2014-08-25 16:44 - 2014-08-25 16:44 - 00000000 ____D () C:\FRST
2014-08-25 16:43 - 2014-08-25 16:43 - 02103296 _____ (Farbar) C:\Users\XXXXX_2\Desktop\FRST64.exe
2014-08-25 16:42 - 2014-08-25 16:43 - 00000478 _____ () C:\Users\XXXXX_2\Desktop\defogger_disable.log
2014-08-25 16:42 - 2014-08-25 16:42 - 00000000 _____ () C:\Users\XXXXX_2\defogger_reenable
2014-08-25 16:41 - 2014-08-25 16:41 - 00050477 _____ () C:\Users\XXXXX_2\Desktop\Defogger.exe
2014-08-24 18:03 - 2014-08-24 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-24 18:02 - 2014-08-24 18:02 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-24 10:46 - 2014-08-24 10:46 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-24 10:46 - 2014-08-24 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-24 10:45 - 2014-08-24 10:46 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-24 10:45 - 2014-08-24 10:45 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-24 10:45 - 2014-08-24 10:45 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-24 10:43 - 2014-08-24 10:43 - 01364531 _____ () C:\Users\XXXXX_2\Desktop\adwcleaner_3.308.exe
2014-08-24 10:26 - 2014-08-24 17:47 - 00002426 _____ () C:\Windows\SecuniaPackage.log
2014-08-24 10:24 - 2014-08-24 10:24 - 00000000 ____D () C:\ProgramData\Licenses
2014-08-24 10:23 - 2014-08-24 10:23 - 00001043 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-08-24 10:23 - 2014-08-24 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-08-24 10:23 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2014-08-24 10:22 - 2014-08-24 10:22 - 04095448 _____ (BrightFort LLC ) C:\Users\XXXXX_2\Downloads\spywareblastersetup50.exe
2014-08-24 10:16 - 2014-08-24 10:16 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-24 10:16 - 2014-08-24 10:16 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-24 10:16 - 2014-08-24 10:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-24 10:15 - 2014-08-24 10:15 - 01364531 _____ () C:\Users\XXXXX_2\Downloads\adwcleaner_3.308.exe
2014-08-24 10:14 - 2014-08-24 10:14 - 00244408 _____ () C:\Users\XXXXX_2\Downloads\FirefoxSetupStub31.0 (1).exe
2014-08-24 10:13 - 2014-08-24 10:14 - 00244408 _____ () C:\Users\XXXXX_2\Downloads\FirefoxSetupStub31.0.exe
2014-08-16 13:36 - 2014-08-16 13:36 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-08-16 13:36 - 2014-08-16 13:36 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-08-16 13:23 - 2014-08-24 10:23 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-08-16 13:20 - 2014-08-16 13:20 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\AVAST Software
2014-08-16 13:16 - 2014-08-16 13:16 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-16 13:09 - 2014-08-24 10:28 - 00000000 ____D () C:\AdwCleaner
2014-08-16 12:27 - 2014-08-16 13:16 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-16 12:18 - 2014-08-16 12:18 - 00001033 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-08-16 12:18 - 2014-08-16 12:18 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Local\Secunia PSI
2014-08-16 12:17 - 2014-08-16 12:17 - 05329480 _____ (Secunia) C:\Users\XXXXX_2\Desktop\PSISetup_3.0.0.9016.exe
2014-08-16 12:17 - 2014-08-16 12:17 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-08-16 12:10 - 2014-08-16 12:13 - 00002131 _____ () C:\DelFix.txt
2014-08-16 12:02 - 2014-08-16 12:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-16 12:02 - 2014-08-16 12:02 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-08-15 09:41 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-15 09:41 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-15 09:41 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-15 09:41 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 09:41 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 09:41 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 09:41 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 09:41 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 09:41 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 09:41 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 09:41 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 09:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-15 09:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-15 09:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-15 09:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-15 09:40 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-15 09:40 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-15 09:40 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-15 09:40 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-15 09:40 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-15 09:40 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-15 09:40 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-15 09:40 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-15 09:39 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 09:39 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 18:51 - 2014-08-16 12:10 - 00000000 ____D () C:\Windows\ERUNT
2014-08-14 16:13 - 2014-08-14 16:13 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-14 16:13 - 2014-08-14 16:13 - 00001094 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-14 16:07 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 16:07 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 16:05 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 16:05 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 16:05 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 16:05 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 16:05 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 16:05 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 16:05 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 16:05 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 16:05 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 16:05 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 16:05 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 16:05 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 16:05 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 16:05 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 16:05 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 16:05 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 16:05 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 16:05 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 16:05 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 16:05 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 16:05 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 16:05 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 16:05 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 16:05 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 16:05 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 16:05 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 16:05 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 16:05 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 16:05 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 16:05 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 16:05 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 16:05 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 16:04 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 16:04 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 16:04 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 16:04 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 16:04 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 16:04 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 16:04 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 16:04 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 16:04 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 16:04 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 16:04 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 16:04 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 16:04 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 16:04 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 16:04 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 16:04 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 16:04 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 16:04 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 16:04 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 16:04 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 16:04 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 16:04 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 16:04 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 16:04 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 16:03 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 16:03 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 15:58 - 2014-08-25 15:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 15:58 - 2014-08-14 15:58 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-14 15:58 - 2014-08-14 15:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-14 15:58 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-14 15:58 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-14 15:58 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-14 15:25 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 15:25 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 15:25 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 15:25 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 15:25 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 15:25 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 15:24 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 15:24 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 17:11 - 2014-08-24 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-13 17:11 - 2014-08-13 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-13 16:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-09 12:48 - 2014-08-09 12:48 - 00002617 _____ () C:\Users\Public\Desktop\COMPUTER BILD Account-Alarm.lnk
2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMPUTER BILD Account-Alarm
2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\Program Files (x86)\COMPUTER BILD Account-Alarm
2014-08-06 11:35 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-06 11:35 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-06 11:35 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-06 11:35 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-06 11:34 - 2014-08-06 11:35 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-05 19:30 - 2014-08-05 19:30 - 00000000 ____D () C:\Program Files (x86)\Security Utility
2014-08-05 19:12 - 2014-08-14 15:26 - 00001083 _____ () C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-02 10:21 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 10:21 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 10:21 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 10:21 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-02 10:20 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-02 10:20 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-02 10:19 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 10:19 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-02 10:19 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 10:19 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 16:45 - 2014-08-25 16:44 - 00029086 _____ () C:\Users\XXXXX_2\Desktop\FRST.txt
2014-08-25 16:44 - 2014-08-25 16:44 - 00000000 ____D () C:\FRST
2014-08-25 16:43 - 2014-08-25 16:43 - 02103296 _____ (Farbar) C:\Users\XXXXX_2\Desktop\FRST64.exe
2014-08-25 16:43 - 2014-08-25 16:42 - 00000478 _____ () C:\Users\XXXXX_2\Desktop\defogger_disable.log
2014-08-25 16:42 - 2014-08-25 16:42 - 00000000 _____ () C:\Users\XXXXX_2\defogger_reenable
2014-08-25 16:42 - 2011-08-16 18:33 - 00000000 ____D () C:\Users\XXXXX_2\Documents\Outlook-Dateien
2014-08-25 16:42 - 2011-08-08 17:07 - 00000000 ____D () C:\Users\XXXXX_2
2014-08-25 16:41 - 2014-08-25 16:41 - 00050477 _____ () C:\Users\XXXXX_2\Desktop\Defogger.exe
2014-08-25 16:34 - 2012-04-15 18:19 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-25 16:34 - 2012-04-15 18:19 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-25 16:34 - 2012-04-15 18:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-25 16:34 - 2011-08-01 17:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-25 16:17 - 2012-04-23 17:10 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-25 16:06 - 2012-07-14 11:01 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002UA.job
2014-08-25 16:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-08-25 15:17 - 2014-08-14 15:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-25 15:17 - 2012-04-23 17:10 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-25 10:33 - 2012-07-14 11:01 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002Core.job
2014-08-25 10:22 - 2010-09-26 18:37 - 00703230 _____ () C:\Windows\system32\perfh007.dat
2014-08-25 10:22 - 2010-09-26 18:37 - 00150838 _____ () C:\Windows\system32\perfc007.dat
2014-08-25 10:22 - 2009-07-14 07:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-24 18:03 - 2014-08-24 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-24 18:03 - 2012-02-22 14:56 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-08-24 18:02 - 2014-08-24 18:02 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-24 17:50 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-24 17:50 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-24 17:49 - 2010-09-26 08:46 - 01289600 _____ () C:\Windows\WindowsUpdate.log
2014-08-24 17:47 - 2014-08-24 10:26 - 00002426 _____ () C:\Windows\SecuniaPackage.log
2014-08-24 17:41 - 2014-06-09 20:09 - 00000000 ___RD () C:\Users\XXXXX_2\Dropbox
2014-08-24 17:41 - 2013-07-27 10:17 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\Dropbox
2014-08-24 17:40 - 2012-07-21 14:16 - 00131072 _____ () C:\Windows\system32\Ikeext.etl
2014-08-24 17:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-24 17:39 - 2009-07-14 06:51 - 00179046 _____ () C:\Windows\setupact.log
2014-08-24 17:39 - 2009-07-14 06:45 - 00480072 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-24 17:38 - 2010-09-26 08:43 - 00773620 _____ () C:\Windows\PFRO.log
2014-08-24 12:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-24 10:46 - 2014-08-24 10:46 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-24 10:46 - 2014-08-24 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-24 10:46 - 2014-08-24 10:45 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-24 10:45 - 2014-08-24 10:45 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-24 10:45 - 2014-08-24 10:45 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-24 10:43 - 2014-08-24 10:43 - 01364531 _____ () C:\Users\XXXXX_2\Desktop\adwcleaner_3.308.exe
2014-08-24 10:37 - 2012-06-07 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-24 10:32 - 2012-09-12 13:11 - 00000000 ___RD () C:\Users\XXXXX_2\Mediencenter
2014-08-24 10:32 - 2011-08-01 13:58 - 00002679 _____ () C:\Windows\wininit.ini
2014-08-24 10:28 - 2014-08-16 13:09 - 00000000 ____D () C:\AdwCleaner
2014-08-24 10:25 - 2013-01-18 12:47 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-24 10:24 - 2014-08-24 10:24 - 00000000 ____D () C:\ProgramData\Licenses
2014-08-24 10:23 - 2014-08-24 10:23 - 00001043 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-08-24 10:23 - 2014-08-24 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-08-24 10:23 - 2014-08-16 13:23 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-08-24 10:22 - 2014-08-24 10:22 - 04095448 _____ (BrightFort LLC ) C:\Users\XXXXX_2\Downloads\spywareblastersetup50.exe
2014-08-24 10:16 - 2014-08-24 10:16 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-24 10:16 - 2014-08-24 10:16 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-24 10:16 - 2014-08-24 10:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-24 10:16 - 2014-05-10 09:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-24 10:15 - 2014-08-24 10:15 - 01364531 _____ () C:\Users\XXXXX_2\Downloads\adwcleaner_3.308.exe
2014-08-24 10:14 - 2014-08-24 10:14 - 00244408 _____ () C:\Users\XXXXX_2\Downloads\FirefoxSetupStub31.0 (1).exe
2014-08-24 10:14 - 2014-08-24 10:13 - 00244408 _____ () C:\Users\XXXXX_2\Downloads\FirefoxSetupStub31.0.exe
2014-08-24 10:01 - 2014-08-13 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-24 10:01 - 2014-06-09 20:07 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-24 10:01 - 2014-04-20 17:28 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\Feedreader
2014-08-24 10:01 - 2011-11-24 17:26 - 00000000 ____D () C:\Windows\system32\Macromed
2014-08-24 10:01 - 2011-08-01 11:55 - 00000000 ___HD () C:\Users\XXXXX
2014-08-24 10:01 - 2010-09-06 13:36 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-08-24 10:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-08-24 10:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-08-24 09:59 - 2011-08-07 13:26 - 00000000 ____D () C:\Programme
2014-08-16 13:36 - 2014-08-16 13:36 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-08-16 13:36 - 2014-08-16 13:36 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-08-16 13:20 - 2014-08-16 13:20 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\AVAST Software
2014-08-16 13:16 - 2014-08-16 13:16 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-16 13:16 - 2014-08-16 12:27 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-16 12:18 - 2014-08-16 12:18 - 00001033 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-08-16 12:18 - 2014-08-16 12:18 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Local\Secunia PSI
2014-08-16 12:17 - 2014-08-16 12:17 - 05329480 _____ (Secunia) C:\Users\XXXXX_2\Desktop\PSISetup_3.0.0.9016.exe
2014-08-16 12:17 - 2014-08-16 12:17 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-08-16 12:13 - 2014-08-16 12:10 - 00002131 _____ () C:\DelFix.txt
2014-08-16 12:10 - 2014-08-14 18:51 - 00000000 ____D () C:\Windows\ERUNT
2014-08-16 12:02 - 2014-08-16 12:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-16 12:02 - 2014-08-16 12:02 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-08-16 12:02 - 2010-09-06 13:35 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-16 12:02 - 2010-09-06 13:35 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-16 11:45 - 2011-08-08 15:46 - 00000000 ____D () C:\Program Files (x86)\BILDmobil
2014-08-16 11:44 - 2011-08-11 09:24 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\uTorrent
2014-08-16 11:41 - 2011-10-13 21:15 - 00000000 ____D () C:\ProgramData\Avira
2014-08-16 11:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 20:26 - 2013-01-22 18:16 - 00002367 _____ () C:\Users\XXXXX_2\Desktop\Google Chrome.lnk
2014-08-15 13:48 - 2011-08-27 09:11 - 00000000 ____D () C:\Temp
2014-08-15 13:43 - 2011-08-02 08:43 - 00000000 ____D () C:\Program Files\ConTEXT
2014-08-14 18:25 - 2013-01-18 12:36 - 00000000 ____D () C:\ProgramData\InstallMate
2014-08-14 16:13 - 2014-08-14 16:13 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-14 16:13 - 2014-08-14 16:13 - 00001094 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-14 16:13 - 2014-01-28 18:56 - 00001315 _____ () C:\Windows\system32\TeamViewer9_Hooks.log
2014-08-14 15:58 - 2014-08-14 15:58 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-14 15:58 - 2014-08-14 15:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-14 15:54 - 2014-06-09 20:09 - 00001026 _____ () C:\Users\XXXXX_2\Desktop\Dropbox.lnk
2014-08-14 15:39 - 2013-08-17 09:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 15:31 - 2011-08-02 08:54 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 15:30 - 2011-08-16 18:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 15:26 - 2014-08-05 19:12 - 00001083 _____ () C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-14 15:16 - 2012-05-22 20:24 - 00000021 _____ () C:\Users\XXXXX_2\AppData\Local\mc.pixel.data
2014-08-14 15:09 - 2011-08-12 18:01 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\IrfanView
2014-08-14 15:08 - 2013-03-15 09:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-14 15:08 - 2013-03-15 09:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-14 15:08 - 2010-09-06 13:28 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-14 15:07 - 2011-08-01 13:58 - 00000000 ___HD () C:\Users\XXXXX\AppData\Roaming\Mozilla
2014-08-13 17:11 - 2014-08-13 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-11 10:57 - 2011-08-26 19:38 - 00000000 ____D () C:\Users\XXXXX_2\dwhelper
2014-08-09 12:48 - 2014-08-09 12:48 - 00002617 _____ () C:\Users\Public\Desktop\COMPUTER BILD Account-Alarm.lnk
2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMPUTER BILD Account-Alarm
2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\Program Files (x86)\COMPUTER BILD Account-Alarm
2014-08-06 11:37 - 2014-04-19 19:30 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-06 11:35 - 2014-08-06 11:34 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-06 11:35 - 2011-08-01 14:04 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-05 19:30 - 2014-08-05 19:30 - 00000000 ____D () C:\Program Files (x86)\Security Utility
2014-08-05 09:20 - 2011-08-02 18:06 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-01 01:41 - 2014-08-14 16:04 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-14 16:05 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

Some content of TEMP:
====================
C:\Users\XXXXX_2\AppData\Local\Temp\avgnt.exe
C:\Users\XXXXX_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpocq9c7.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 11:34

==================== End Of Log ============================
         
Addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-08-2014 03
Ran by XXXXX_2 at 2014-08-25 16:45:52
Running from C:\Users\XXXXX_2\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.1.68 - NewTech Infosystems)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.19.3 - Suyin Optronics Corp)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0826.2010 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\{15AE611F-5A40-4BD0-9291-1C6856BDB9A4}) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Alien Skin Eye Candy 5 Nature (HKLM-x32\...\EyeCandy5Nature) (Version:  - )
Alien Skin Xenofex 2.0 (HKLM-x32\...\Xenofex2) (Version:  - )
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio Elements 10.0.9 (HKLM-x32\...\Ashampoo Burning Studio Elements_is1) (Version: 3.1.1 - Ashampoo GmbH & Co. KG)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Avidemux 2.5 (32-bit) (HKLM-x32\...\Avidemux 2.5) (Version: 2.5.6.7716 - )
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Backup Manager Advance (x32 Version: 2.0.1.68 - NewTech Infosystems) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
calibre (HKLM-x32\...\{1BFDD064-4C67-4156-A6C6-6E8D63563B3B}) (Version: 1.20.0 - Kovid Goyal)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon iP7200 series Benutzerregistrierung (HKLM-x32\...\Canon iP7200 series Benutzerregistrierung) (Version:  - Canon Inc.?)
Canon iP7200 series On-screen Manual (HKLM-x32\...\Canon iP7200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version:  - Canon Inc.)
Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX350 series Benutzerregistrierung (HKLM-x32\...\Canon MX350 series Benutzerregistrierung) (Version:  - )
Canon MX350 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX350_series) (Version:  - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
COMPUTER BILD Account-Alarm (HKLM-x32\...\{04B0A9F1-070A-4C32-A575-6D2DC8F5C52E}) (Version: 1.0.3 - J3S)
concept/design onlineTV 8 (HKLM-x32\...\{D2AC7034-15AC-4F62-85BD-1E48021E45D6}_is1) (Version: 8.2.0.1 - concept/design GmbH)
ContentHD (x32 Version: 1.00.0002 - Corel Corporation) Hidden
Contents (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
ConTEXT v0.98.6 (HKLM-x32\...\{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1) (Version:  - ConTEXT Project Ltd)
Corel MediaOne (HKLM-x32\...\{3C569633-C8DE-46E2-BB8F-F65198681C2F}) (Version: 2.00.0000 - Corel Corporation)
Corel Paint Shop Pro Photo XI (HKLM-x32\...\{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}) (Version: 11.00.0000 - Corel Inc)
Corel Painter Essentials 3 (HKLM-x32\...\_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}) (Version:  - Corel Corporation)
Corel Painter Essentials 3 (x32 Version: 3.2 - Corel Corporation) Hidden
Corel VideoStudio Pro X3 (HKLM-x32\...\_{F072CA07-A781-45E4-9975-C033A73019CF}) (Version: 1.6.2.69 - Corel Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAZ Content Management Service (HKLM-x32\...\DAZ Content Management Service 4.8.1.6) (Version: 4.8.1.6 - DAZ 3D)
DAZ Studio 4 (HKLM-x32\...\DAZ Studio 4 4.0.0.335) (Version: 4.0.0.335 - DAZ 3D)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{2A07A3D4-F6CA-4EEB-9576-3A6AC8A736CE}) (Version:  - Microsoft)
DeviceIO (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
DS4 Default Content (HKLM-x32\...\DS4 Default Content 4.0.0.8) (Version: 4.0.0.8 - DAZ 3D)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Eye Candy 4000 (HKLM-x32\...\Eye Candy 4000) (Version:  - )
FeedReader (HKLM-x32\...\FeedReader_is1) (Version:  - i-Systems Inc.)
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
Free Screen Video Recorder version 2.5.22.508 (HKLM-x32\...\Free Screen Video Recorder_is1) (Version: 2.5.22.508 - DVDVideoSoft Ltd.)
Free Video Dub version 2.0.12.706 (HKLM-x32\...\Free Video Dub_is1) (Version: 2.0.12.706 - DVDVideoSoft Ltd.)
FrostWire 5.3.6 (HKLM-x32\...\FrostWire 5) (Version: 5.3.6.0 - FrostWire Team)
GetFLV 9.6.5.5 (HKLM-x32\...\GetFLV_is1) (Version:  - GetFLV, Inc.)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
ICA (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
instplugin (HKLM-x32\...\instplugin) (Version:  - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
InterVideo DeviceService (HKLM-x32\...\{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}) (Version: 1.0.0 - InterVideo)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5.10.76 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.5.10.76 - InterVideo Inc.) Hidden
IPM_VS_Pro (x32 Version: 13.0 - Corel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Jasc Animation Shop 3 (HKLM-x32\...\{174D5678-D941-433C-BD23-58A5C7B0D36D}) (Version: 3.05.0000 - Jasc Software Inc)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Outlook Hotmail Connector 64-Bit (HKLM\...\{95140000-007A-0407-1000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit (HKLM\...\{95140000-007D-0409-1000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MLE (x32 Version: 1.0.0.23 - Corel Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
OpenVPN 2.2.2 (HKLM-x32\...\OpenVPN) (Version: 2.2.2 - )
PartitionMagic (x32 Version: 8.00.000 - PowerQuest) Hidden
PureHD (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung PC Studio 3 USB Driver Installer (HKLM-x32\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Securepoint SSL VPN (HKLM-x32\...\Securepoint SSL VPN) (Version:  - Securepoint GmbH)
Security Utility (HKLM-x32\...\Security Utility) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Setup (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
Share (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
Share64 (Version: 1.6.2.36 - Corel Corporation) Hidden
SilverCrest DMTS2017 Driver (HKLM-x32\...\{1E494817-D81E-4B0E-B379-F34DF4DCDA58}) (Version: 1.0 - TARGA)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.6 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.6 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.1.2 - SmartSound Software Inc.)
SmartSound Quicktracks Plugin (x32 Version: 3.0.1.2 - SmartSound Software Inc.) Hidden
Sony PC Companion 2.10.115 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.115 - Sony)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Sqirlz Water Reflections (HKLM-x32\...\Sqirlz Water Reflections) (Version: 2.6 - xiberpix)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.02 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.06 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.04.49 - Akademische Arbeitsgemeinschaft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
TVUPlayer 2.5.3.1 (HKLM-x32\...\TVUPlayer) (Version: 2.5.3.1 - TVU networks)
Ulead GIF Animator 5 Test (HKLM-x32\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version:  - )
Ulead PhotoImpact 8 (HKLM-x32\...\{3D960387-76B3-4758-BAF7-D156B14A032F}) (Version: 8.0 - Ulead System)
Ulead PhotoImpact X3 (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 1.00.0000 - Corel)
Ulead PhotoImpact X3 (x32 Version: 1.00.0000 - Corel) Hidden
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B114A387-8A14-4C43-AE51-82F17EB81D49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8F699D53-05FB-488E-B7D3-E4E47257BE5D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
Video Download Studio 3.4.14 (HKLM-x32\...\{8A075C9A-1368-4491-855E-F3D9ABE55740}_is1) (Version:  - aHisoft)
Video Downloader version 2.0 (HKLM-x32\...\Video Downloader_is1) (Version: 2.0 - )
VIO (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VSClassic (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
VSPro (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}) (Version: 16.0.9715 - WinZip Computing, S.L. )
Wondershare Free YouTube Downloader(Build 3.8.0.4) (HKLM-x32\...\Wondershare Free YouTube Downloader_is1) (Version: 3.8.0.4 - Wondershare Software)
Wondershare Video Converter Ultimate(Build 6.7.1.0) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 6.7.1.0 - Wondershare Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

16-08-2014 10:11:40 Ende der Bereinigung
16-08-2014 11:14:58 avast! antivirus system restore point
16-08-2014 13:21:09 Removed Jasc Animation Shop 3
19-08-2014 18:48:46 Windows Update
23-08-2014 19:01:56 Removed Adobe Flash Player 14 Plugin.
24-08-2014 07:53:12 Wiederherstellungsvorgang
24-08-2014 08:13:52 Windows Update
24-08-2014 08:42:00 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0FFD4DF7-E79E-4CF0-AE38-56D663221D27} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {5CBF856C-D0CF-4FBD-9BD8-2D2AC2FD1224} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23] (Google Inc.)
Task: {6F0BCF1C-DA02-4B83-88AF-6C6F6228E90E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002UA => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-23] (Google Inc.)
Task: {8C54AD7F-34A0-47AE-B099-EE52B61C2F3A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-25] (Adobe Systems Incorporated)
Task: {C712CDA3-DE89-4111-9621-0A1AD2FAFAA7} - System32\Tasks\Games\UpdateCheck_S-1-5-21-752392268-3339214621-1681333280-1000
Task: {D321CF44-4271-44F1-A90C-0A13B5A0152E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-24] (AVAST Software)
Task: {DE2FFE30-8218-4F49-A8B1-33E1B539385F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002Core => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-23] (Google Inc.)
Task: {EE4A2A93-391A-43D8-B769-C8E0934C54CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002Core.job => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002UA.job => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-08-16 16:20 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2010-09-26 08:54 - 2010-06-09 18:54 - 00206208 _____ () C:\Windows\PLFSetI.exe
2014-04-20 17:28 - 2009-03-29 11:30 - 02058240 _____ () C:\Programme\FeedReader30\feedreader.exe
2007-06-05 14:20 - 2007-06-05 14:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
2012-11-01 13:11 - 2012-11-01 13:11 - 00198024 _____ () C:\Program Files\Securepoint SSL VPN\SPOpenVPNService.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-08-14 16:12 - 2014-08-06 11:34 - 00011584 _____ () C:\Program Files (x86)\TeamViewer\Version9\outlook\ManagedAggregator.dll
2013-02-15 04:36 - 2013-02-15 04:36 - 01554496 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2014-08-24 10:45 - 2014-08-24 10:45 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-24 14:55 - 2014-08-24 14:55 - 02801152 _____ () C:\Program Files\AVAST Software\Avast\defs\14082400\algo.dll
2014-08-25 14:21 - 2014-08-25 14:21 - 02801152 _____ () C:\Program Files\AVAST Software\Avast\defs\14082500\algo.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-08-07 11:39 - 2014-08-07 11:39 - 00014336 _____ () C:\Program Files (x86)\COMPUTER BILD Account-Alarm\BCrypt.Net.dll
2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2014-08-24 17:41 - 2014-08-24 17:41 - 00043008 _____ () c:\users\XXXXX_2\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpocq9c7.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\libcef.dll
2011-05-20 16:14 - 2011-05-20 16:14 - 00009826 _____ () C:\Program Files\Securepoint SSL VPN\mingwm10.dll
2011-05-20 16:14 - 2011-05-20 16:14 - 00020480 _____ () C:\Program Files\Securepoint SSL VPN\libgcc_s_dw2-1.dll
2011-05-20 16:14 - 2011-05-20 16:14 - 00967168 _____ () C:\Program Files\Securepoint SSL VPN\QtCore4.dll
2011-05-20 16:14 - 2011-05-20 16:14 - 01209344 _____ () C:\Program Files\Securepoint SSL VPN\QtNetwork4.dll
2010-09-06 14:06 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2012-02-18 15:16 - 2007-08-02 22:07 - 00034064 _____ () C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
2014-08-24 10:45 - 2014-08-24 10:45 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-14 16:13 - 2014-08-14 16:13 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e28fdf645d0ce4b58b0ee3352e1de34c\IsdiInterop.ni.dll
2010-09-06 13:20 - 2010-04-13 18:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-08-24 10:16 - 2014-07-17 07:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-07 10:48 - 2013-12-19 18:15 - 00146320 _____ () C:\Programme\Video Converter Ultimate\SVRFirefoxExt\components\VCFFComponent4.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/25/2014 04:39:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x1404
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (08/25/2014 04:39:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0xd30
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (08/25/2014 04:39:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0xf78
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (08/25/2014 04:35:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x1b1c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (08/25/2014 04:35:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x1ed4
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (08/25/2014 04:19:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x1614
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (08/25/2014 10:33:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103, Zeitstempel: 0x4f3c6d6c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000223e0
ID des fehlerhaften Prozesses: 0x1e24
Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0
Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1
Pfad des fehlerhaften Moduls: GoogleUpdate.exe2
Berichtskennung: GoogleUpdate.exe3

Error: (08/24/2014 05:43:54 PM) (Source: MsiInstaller) (EventID: 11704) (User: NT-AUTORITÄT)
Description: Product: Adobe Flash Player 14 ActiveX -- Error 1704.An installation for QuickTime 7 is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?

Error: (08/24/2014 04:12:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x1024
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (08/24/2014 10:42:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary jzommrlh.

System Error:
Das System kann die angegebene Datei nicht finden.
.


System errors:
=============
Error: (08/25/2014 10:19:36 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\System32\bcmihvsrv64.dll
Fehlercode: 21

Error: (08/24/2014 05:39:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DAZ Content Management Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (08/24/2014 05:39:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst DAZ Content Management Service erreicht.

Error: (08/24/2014 05:39:24 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist von folgendem Dienst abhängig: AntiVirService. Dieser Dienst ist eventuell nicht installiert.

Error: (08/24/2014 05:38:43 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\PQNTDrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/24/2014 05:39:15 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ?24.?08.?2014 um 17:37:17 unerwartet heruntergefahren.

Error: (08/24/2014 05:36:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.

Error: (08/24/2014 05:35:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.

Error: (08/24/2014 05:34:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.

Error: (08/24/2014 05:31:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0006F03A-0000-0000-C000-000000000046}


Microsoft Office Sessions:
=========================
Error: (08/25/2014 04:39:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b140401cfc0726a22af0eC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla96c2513-2c65-11e4-8606-1c7508023576

Error: (08/25/2014 04:39:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141bd3001cfc071ee33c52fC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll9078ed92-2c65-11e4-8606-1c7508023576

Error: (08/25/2014 04:39:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141bf7801cfc071fdb5e061C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll8ef02a65-2c65-11e4-8606-1c7508023576

Error: (08/25/2014 04:35:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b1b1c01cfc071d7a77025C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll1adfa17b-2c65-11e4-8606-1c7508023576

Error: (08/25/2014 04:35:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b1ed401cfc0714f0f7711C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll17bd7187-2c65-11e4-8606-1c7508023576

Error: (08/25/2014 04:19:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b161401cfbfb28f2c5cc2C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlldc8d214e-2c62-11e4-8606-1c7508023576

Error: (08/25/2014 10:33:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e01e2401cfc03d5248b899C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dll7163d0a1-2c32-11e4-8606-1c7508023576

Error: (08/24/2014 05:43:54 PM) (Source: MsiInstaller) (EventID: 11704) (User: NT-AUTORITÄT)
Description: Product: Adobe Flash Player 14 ActiveX -- Error 1704.An installation for QuickTime 7 is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/24/2014 04:12:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b102401cfbf89d6d52240C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllbb817265-2b98-11e4-a2c4-1c7508023576

Error: (08/24/2014 10:42:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary jzommrlh.

System Error:
Das System kann die angegebene Datei nicht finden.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 52%
Total physical RAM: 4025.97 MB
Available physical RAM: 1900.65 MB
Total Pagefile: 8050.13 MB
Available Pagefile: 4917.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:292.59 GB) (Free:219.03 GB) NTFS
Drive e: (Daten) (Fixed) (Total:97.66 GB) (Free:32.65 GB) NTFS
Drive f: (Internet) (Fixed) (Total:192.83 GB) (Free:40.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 46227C9E)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=292.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=290.5 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
Gmer.txt als Anlage, da der Text sonst zu lang ist.

adwCleaner als Anlage, da der Text sonst zu lang ist.

Malwarebytes hatte kein Ergebnis

Vielen Dank im Voraus für Eure Hilfe!

Alt 25.08.2014, 16:45   #2
schrauber
/// the machine
/// TB-Ausbilder
 

"plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett - Standard

"plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett



Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 25.08.2014, 16:49   #3
TinaW5
 
"plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett - Standard

"plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett



GMER - Teil 1 von 4
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-25 17:10:11
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB
Running: Gmer-19357.exe; Driver: C:\Users\XXXXX_2\AppData\Local\Temp\fwloyuow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 666                                                                                                                                                     fffff800035ab08a 45 bytes [00, 00, 01, 00, 0D, 00, 40, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 712                                                                                                                                                     fffff800035ab0b8 7 bytes {OR EAX, 0xffffffffffffd800; CALL QWORD [RBX+0x0]}

---- User code sections - GMER 2.1 ----

.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                             0000000077521360 5 bytes JMP 0000000077680460
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                      00000000775213b0 5 bytes JMP 0000000077680450
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                      0000000077521510 5 bytes JMP 0000000077680370
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                           0000000077521560 5 bytes JMP 0000000077680470
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                 0000000077521570 5 bytes JMP 00000000776803e0
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                      0000000077521620 5 bytes JMP 0000000077680320
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                               0000000077521650 5 bytes JMP 00000000776803b0
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                  0000000077521670 5 bytes JMP 0000000077680390
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                        00000000775216b0 5 bytes JMP 00000000776802e0
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                      0000000077521730 5 bytes JMP 00000000776802d0
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                    0000000077521750 5 bytes JMP 0000000077680310
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                     0000000077521790 5 bytes JMP 00000000776803c0
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                  00000000775217e0 5 bytes JMP 00000000776803f0
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                     0000000077521940 5 bytes JMP 0000000077680230
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                          0000000077521b00 5 bytes JMP 0000000077680480
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                         0000000077521b30 5 bytes JMP 00000000776803a0
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                  0000000077521c10 5 bytes JMP 00000000776802f0
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                               0000000077521c20 5 bytes JMP 0000000077680350
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                     0000000077521c80 5 bytes JMP 0000000077680290
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                  0000000077521d10 5 bytes JMP 00000000776802b0
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                   0000000077521d30 5 bytes JMP 00000000776803d0
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                      0000000077521d40 5 bytes JMP 0000000077680330
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                               0000000077521db0 5 bytes JMP 0000000077680410
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                  0000000077521de0 5 bytes JMP 0000000077680240
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                       00000000775220a0 5 bytes JMP 00000000776801e0
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                  0000000077522160 5 bytes JMP 0000000077680250
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                  0000000077522190 5 bytes JMP 0000000077680490
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                         00000000775221a0 5 bytes JMP 00000000776804a0
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                    00000000775221d0 5 bytes JMP 0000000077680300
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                 00000000775221e0 5 bytes JMP 0000000077680360
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                       0000000077522240 5 bytes JMP 00000000776802a0
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                    0000000077522290 5 bytes JMP 00000000776802c0
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                       00000000775222c0 5 bytes JMP 0000000077680380
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                        00000000775222d0 5 bytes JMP 0000000077680340
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                 00000000775225c0 5 bytes JMP 0000000077680440
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                00000000775227c0 5 bytes JMP 0000000077680260
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                   00000000775227d0 5 bytes JMP 0000000077680270
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                 00000000775227e0 5 bytes JMP 0000000077680400
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                             00000000775229a0 5 bytes JMP 00000000776801f0
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                              00000000775229b0 5 bytes JMP 0000000077680210
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                   0000000077522a20 5 bytes JMP 0000000077680200
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                   0000000077522a80 5 bytes JMP 0000000077680420
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                    0000000077522a90 5 bytes JMP 0000000077680430
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                               0000000077522aa0 5 bytes JMP 0000000077680220
.text     C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                       0000000077522b80 5 bytes JMP 0000000077680280
.text     C:\Windows\system32\services.exe[612] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                            000000007730ef8d 1 byte [62]
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                0000000077521360 5 bytes JMP 0000000077680460
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                         00000000775213b0 5 bytes JMP 0000000077680450
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                         0000000077521510 5 bytes JMP 0000000077680370
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                              0000000077521560 5 bytes JMP 0000000077680470
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                    0000000077521570 5 bytes JMP 00000000776803e0
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                         0000000077521620 5 bytes JMP 0000000077680320
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                  0000000077521650 5 bytes JMP 00000000776803b0
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                     0000000077521670 5 bytes JMP 0000000077680390
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                           00000000775216b0 5 bytes JMP 00000000776802e0
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                         0000000077521730 5 bytes JMP 00000000776802d0
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                       0000000077521750 5 bytes JMP 0000000077680310
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                        0000000077521790 5 bytes JMP 00000000776803c0
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                     00000000775217e0 5 bytes JMP 00000000776803f0
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                        0000000077521940 5 bytes JMP 0000000077680230
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                             0000000077521b00 5 bytes JMP 0000000077680480
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                            0000000077521b30 5 bytes JMP 00000000776803a0
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                     0000000077521c10 5 bytes JMP 00000000776802f0
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                  0000000077521c20 5 bytes JMP 0000000077680350
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                        0000000077521c80 5 bytes JMP 0000000077680290
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                     0000000077521d10 5 bytes JMP 00000000776802b0
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                      0000000077521d30 5 bytes JMP 00000000776803d0
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                         0000000077521d40 5 bytes JMP 0000000077680330
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                  0000000077521db0 5 bytes JMP 0000000077680410
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                     0000000077521de0 5 bytes JMP 0000000077680240
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                          00000000775220a0 5 bytes JMP 00000000776801e0
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                     0000000077522160 5 bytes JMP 0000000077680250
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                     0000000077522190 5 bytes JMP 0000000077680490
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                            00000000775221a0 5 bytes JMP 00000000776804a0
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                       00000000775221d0 5 bytes JMP 0000000077680300
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                    00000000775221e0 5 bytes JMP 0000000077680360
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                          0000000077522240 5 bytes JMP 00000000776802a0
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                       0000000077522290 5 bytes JMP 00000000776802c0
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                          00000000775222c0 5 bytes JMP 0000000077680380
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                           00000000775222d0 5 bytes JMP 0000000077680340
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                    00000000775225c0 5 bytes JMP 0000000077680440
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                   00000000775227c0 5 bytes JMP 0000000077680260
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                      00000000775227d0 5 bytes JMP 0000000077680270
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                    00000000775227e0 5 bytes JMP 0000000077680400
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                00000000775229a0 5 bytes JMP 00000000776801f0
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                 00000000775229b0 5 bytes JMP 0000000077680210
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                      0000000077522a20 5 bytes JMP 0000000077680200
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                      0000000077522a80 5 bytes JMP 0000000077680420
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                       0000000077522a90 5 bytes JMP 0000000077680430
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                  0000000077522aa0 5 bytes JMP 0000000077680220
.text     C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                          0000000077522b80 5 bytes JMP 0000000077680280
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                              0000000077521360 5 bytes JMP 0000000077680460
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                       00000000775213b0 5 bytes JMP 0000000077680450
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                       0000000077521510 5 bytes JMP 0000000077680370
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                            0000000077521560 5 bytes JMP 0000000077680470
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                  0000000077521570 5 bytes JMP 00000000776803e0
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                       0000000077521620 5 bytes JMP 0000000077680320
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                0000000077521650 5 bytes JMP 00000000776803b0
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                   0000000077521670 5 bytes JMP 0000000077680390
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                         00000000775216b0 5 bytes JMP 00000000776802e0
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                       0000000077521730 5 bytes JMP 00000000776802d0
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                     0000000077521750 5 bytes JMP 0000000077680310
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                      0000000077521790 5 bytes JMP 00000000776803c0
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                   00000000775217e0 5 bytes JMP 00000000776803f0
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                      0000000077521940 5 bytes JMP 0000000077680230
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                           0000000077521b00 5 bytes JMP 0000000077680480
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                          0000000077521b30 5 bytes JMP 00000000776803a0
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                   0000000077521c10 5 bytes JMP 00000000776802f0
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                0000000077521c20 5 bytes JMP 0000000077680350
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                      0000000077521c80 5 bytes JMP 0000000077680290
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                   0000000077521d10 5 bytes JMP 00000000776802b0
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                    0000000077521d30 5 bytes JMP 00000000776803d0
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                       0000000077521d40 5 bytes JMP 0000000077680330
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                0000000077521db0 5 bytes JMP 0000000077680410
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                   0000000077521de0 5 bytes JMP 0000000077680240
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                        00000000775220a0 5 bytes JMP 00000000776801e0
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                   0000000077522160 5 bytes JMP 0000000077680250
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                   0000000077522190 5 bytes JMP 0000000077680490
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                          00000000775221a0 5 bytes JMP 00000000776804a0
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                     00000000775221d0 5 bytes JMP 0000000077680300
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                  00000000775221e0 5 bytes JMP 0000000077680360
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                        0000000077522240 5 bytes JMP 00000000776802a0
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                     0000000077522290 5 bytes JMP 00000000776802c0
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                        00000000775222c0 5 bytes JMP 0000000077680380
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                         00000000775222d0 5 bytes JMP 0000000077680340
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                  00000000775225c0 5 bytes JMP 0000000077680440
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                 00000000775227c0 5 bytes JMP 0000000077680260
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                    00000000775227d0 5 bytes JMP 0000000077680270
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                  00000000775227e0 5 bytes JMP 0000000077680400
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                              00000000775229a0 5 bytes JMP 00000000776801f0
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                               00000000775229b0 5 bytes JMP 0000000077680210
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                    0000000077522a20 5 bytes JMP 0000000077680200
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                    0000000077522a80 5 bytes JMP 0000000077680420
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                     0000000077522a90 5 bytes JMP 0000000077680430
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                0000000077522aa0 5 bytes JMP 0000000077680220
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                        0000000077522b80 5 bytes JMP 0000000077680280
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                             000000007730ef8d 1 byte [62]
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                             0000000077521360 5 bytes JMP 0000000077680460
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                      00000000775213b0 5 bytes JMP 0000000077680450
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                      0000000077521510 5 bytes JMP 0000000077680370
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                           0000000077521560 5 bytes JMP 0000000077680470
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                 0000000077521570 5 bytes JMP 00000000776803e0
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                      0000000077521620 5 bytes JMP 0000000077680320
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                               0000000077521650 5 bytes JMP 00000000776803b0
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                  0000000077521670 5 bytes JMP 0000000077680390
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                        00000000775216b0 5 bytes JMP 00000000776802e0
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                      0000000077521730 5 bytes JMP 00000000776802d0
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                    0000000077521750 5 bytes JMP 0000000077680310
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                     0000000077521790 5 bytes JMP 00000000776803c0
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                  00000000775217e0 5 bytes JMP 00000000776803f0
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                     0000000077521940 5 bytes JMP 0000000077680230
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                          0000000077521b00 5 bytes JMP 0000000077680480
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                         0000000077521b30 5 bytes JMP 00000000776803a0
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                  0000000077521c10 5 bytes JMP 00000000776802f0
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                               0000000077521c20 5 bytes JMP 0000000077680350
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                     0000000077521c80 5 bytes JMP 0000000077680290
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                  0000000077521d10 5 bytes JMP 00000000776802b0
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                   0000000077521d30 5 bytes JMP 00000000776803d0
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                      0000000077521d40 5 bytes JMP 0000000077680330
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                               0000000077521db0 5 bytes JMP 0000000077680410
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                  0000000077521de0 5 bytes JMP 0000000077680240
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                       00000000775220a0 5 bytes JMP 00000000776801e0
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                  0000000077522160 5 bytes JMP 0000000077680250
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                  0000000077522190 5 bytes JMP 0000000077680490
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                         00000000775221a0 5 bytes JMP 00000000776804a0
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                    00000000775221d0 5 bytes JMP 0000000077680300
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                 00000000775221e0 5 bytes JMP 0000000077680360
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                       0000000077522240 5 bytes JMP 00000000776802a0
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                    0000000077522290 5 bytes JMP 00000000776802c0
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                       00000000775222c0 5 bytes JMP 0000000077680380
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                        00000000775222d0 5 bytes JMP 0000000077680340
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                 00000000775225c0 5 bytes JMP 0000000077680440
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                00000000775227c0 5 bytes JMP 0000000077680260
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                   00000000775227d0 5 bytes JMP 0000000077680270
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                 00000000775227e0 5 bytes JMP 0000000077680400
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                             00000000775229a0 5 bytes JMP 00000000776801f0
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                              00000000775229b0 5 bytes JMP 0000000077680210
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                   0000000077522a20 5 bytes JMP 0000000077680200
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                   0000000077522a80 5 bytes JMP 0000000077680420
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                    0000000077522a90 5 bytes JMP 0000000077680430
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                               0000000077522aa0 5 bytes JMP 0000000077680220
.text     C:\Windows\System32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                       0000000077522b80 5 bytes JMP 0000000077680280
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                              0000000077521360 5 bytes JMP 0000000077680460
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                       00000000775213b0 5 bytes JMP 0000000077680450
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                       0000000077521510 5 bytes JMP 0000000077680370
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                            0000000077521560 5 bytes JMP 0000000077680470
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                  0000000077521570 5 bytes JMP 00000000776803e0
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                       0000000077521620 5 bytes JMP 0000000077680320
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                0000000077521650 5 bytes JMP 00000000776803b0
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                   0000000077521670 5 bytes JMP 0000000077680390
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                         00000000775216b0 5 bytes JMP 00000000776802e0
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                       0000000077521730 5 bytes JMP 00000000776802d0
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                     0000000077521750 5 bytes JMP 0000000077680310
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                      0000000077521790 5 bytes JMP 00000000776803c0
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                   00000000775217e0 5 bytes JMP 00000000776803f0
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                      0000000077521940 5 bytes JMP 0000000077680230
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                           0000000077521b00 5 bytes JMP 0000000077680480
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                          0000000077521b30 5 bytes JMP 00000000776803a0
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                   0000000077521c10 5 bytes JMP 00000000776802f0
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                0000000077521c20 5 bytes JMP 0000000077680350
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                      0000000077521c80 5 bytes JMP 0000000077680290
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                   0000000077521d10 5 bytes JMP 00000000776802b0
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                    0000000077521d30 5 bytes JMP 00000000776803d0
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                       0000000077521d40 5 bytes JMP 0000000077680330
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                0000000077521db0 5 bytes JMP 0000000077680410
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                   0000000077521de0 5 bytes JMP 0000000077680240
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                        00000000775220a0 5 bytes JMP 00000000776801e0
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                   0000000077522160 5 bytes JMP 0000000077680250
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                   0000000077522190 5 bytes JMP 0000000077680490
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                          00000000775221a0 5 bytes JMP 00000000776804a0
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                     00000000775221d0 5 bytes JMP 0000000077680300
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                  00000000775221e0 5 bytes JMP 0000000077680360
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                        0000000077522240 5 bytes JMP 00000000776802a0
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                     0000000077522290 5 bytes JMP 00000000776802c0
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                        00000000775222c0 5 bytes JMP 0000000077680380
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                         00000000775222d0 5 bytes JMP 0000000077680340
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                  00000000775225c0 5 bytes JMP 0000000077680440
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                 00000000775227c0 5 bytes JMP 0000000077680260
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                    00000000775227d0 5 bytes JMP 0000000077680270
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                  00000000775227e0 5 bytes JMP 0000000077680400
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                              00000000775229a0 5 bytes JMP 00000000776801f0
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                               00000000775229b0 5 bytes JMP 0000000077680210
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                    0000000077522a20 5 bytes JMP 0000000077680200
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                    0000000077522a80 5 bytes JMP 0000000077680420
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                     0000000077522a90 5 bytes JMP 0000000077680430
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                0000000077522aa0 5 bytes JMP 0000000077680220
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                        0000000077522b80 5 bytes JMP 0000000077680280
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                             000000007730ef8d 1 byte [62]
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                              0000000077521360 5 bytes JMP 0000000077680460
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                       00000000775213b0 5 bytes JMP 0000000077680450
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                       0000000077521510 5 bytes JMP 0000000077680370
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                            0000000077521560 5 bytes JMP 0000000077680470
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                  0000000077521570 5 bytes JMP 00000000776803e0
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                       0000000077521620 5 bytes JMP 0000000077680320
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                0000000077521650 5 bytes JMP 00000000776803b0
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                   0000000077521670 5 bytes JMP 0000000077680390
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                         00000000775216b0 5 bytes JMP 00000000776802e0
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                       0000000077521730 5 bytes JMP 00000000776802d0
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                     0000000077521750 5 bytes JMP 0000000077680310
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                      0000000077521790 5 bytes JMP 00000000776803c0
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                   00000000775217e0 5 bytes JMP 00000000776803f0
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                      0000000077521940 5 bytes JMP 0000000077680230
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                           0000000077521b00 5 bytes JMP 0000000077680480
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                          0000000077521b30 5 bytes JMP 00000000776803a0
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                   0000000077521c10 5 bytes JMP 00000000776802f0
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                0000000077521c20 5 bytes JMP 0000000077680350
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                      0000000077521c80 5 bytes JMP 0000000077680290
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                   0000000077521d10 5 bytes JMP 00000000776802b0
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                    0000000077521d30 5 bytes JMP 00000000776803d0
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                       0000000077521d40 5 bytes JMP 0000000077680330
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                0000000077521db0 5 bytes JMP 0000000077680410
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                   0000000077521de0 5 bytes JMP 0000000077680240
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                        00000000775220a0 5 bytes JMP 00000000776801e0
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                   0000000077522160 5 bytes JMP 0000000077680250
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                   0000000077522190 5 bytes JMP 0000000077680490
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                          00000000775221a0 5 bytes JMP 00000000776804a0
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                     00000000775221d0 5 bytes JMP 0000000077680300
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                  00000000775221e0 5 bytes JMP 0000000077680360
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                        0000000077522240 5 bytes JMP 00000000776802a0
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                     0000000077522290 5 bytes JMP 00000000776802c0
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                        00000000775222c0 5 bytes JMP 0000000077680380
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                         00000000775222d0 5 bytes JMP 0000000077680340
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                  00000000775225c0 5 bytes JMP 0000000077680440
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                 00000000775227c0 5 bytes JMP 0000000077680260
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                    00000000775227d0 5 bytes JMP 0000000077680270
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                  00000000775227e0 5 bytes JMP 0000000077680400
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                              00000000775229a0 5 bytes JMP 00000000776801f0
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                               00000000775229b0 5 bytes JMP 0000000077680210
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                    0000000077522a20 5 bytes JMP 0000000077680200
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                    0000000077522a80 5 bytes JMP 0000000077680420
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                     0000000077522a90 5 bytes JMP 0000000077680430
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                0000000077522aa0 5 bytes JMP 0000000077680220
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                        0000000077522b80 5 bytes JMP 0000000077680280
.text     C:\Windows\system32\svchost.exe[396] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                             000000007730ef8d 1 byte [62]
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                              0000000077521360 5 bytes JMP 0000000100070460
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                       00000000775213b0 5 bytes JMP 0000000100070450
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                       0000000077521510 5 bytes JMP 0000000100070370
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                            0000000077521560 5 bytes JMP 0000000100070470
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                  0000000077521570 5 bytes JMP 00000001000703e0
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                       0000000077521620 5 bytes JMP 0000000100070320
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                0000000077521650 5 bytes JMP 00000001000703b0
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                   0000000077521670 5 bytes JMP 0000000100070390
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                         00000000775216b0 5 bytes JMP 00000001000702e0
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                       0000000077521730 5 bytes JMP 00000001000702d0
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                     0000000077521750 5 bytes JMP 0000000100070310
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                      0000000077521790 5 bytes JMP 00000001000703c0
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                   00000000775217e0 5 bytes JMP 00000001000703f0
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                      0000000077521940 5 bytes JMP 0000000100070230
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                           0000000077521b00 5 bytes JMP 0000000100070480
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                          0000000077521b30 5 bytes JMP 00000001000703a0
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                   0000000077521c10 5 bytes JMP 00000001000702f0
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                0000000077521c20 5 bytes JMP 0000000100070350
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                      0000000077521c80 5 bytes JMP 0000000100070290
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                   0000000077521d10 5 bytes JMP 00000001000702b0
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                    0000000077521d30 5 bytes JMP 00000001000703d0
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                       0000000077521d40 5 bytes JMP 0000000100070330
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                0000000077521db0 5 bytes JMP 0000000100070410
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                   0000000077521de0 5 bytes JMP 0000000100070240
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                        00000000775220a0 5 bytes JMP 00000001000701e0
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                   0000000077522160 5 bytes JMP 0000000100070250
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                   0000000077522190 5 bytes JMP 0000000100070490
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                          00000000775221a0 5 bytes JMP 00000001000704a0
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                     00000000775221d0 5 bytes JMP 0000000100070300
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                  00000000775221e0 5 bytes JMP 0000000100070360
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                        0000000077522240 5 bytes JMP 00000001000702a0
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                     0000000077522290 5 bytes JMP 00000001000702c0
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                        00000000775222c0 5 bytes JMP 0000000100070380
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                         00000000775222d0 5 bytes JMP 0000000100070340
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                  00000000775225c0 5 bytes JMP 0000000100070440
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                 00000000775227c0 5 bytes JMP 0000000100070260
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                    00000000775227d0 5 bytes JMP 0000000100070270
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                  00000000775227e0 5 bytes JMP 0000000100070400
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                              00000000775229a0 5 bytes JMP 00000001000701f0
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                               00000000775229b0 5 bytes JMP 0000000100070210
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                    0000000077522a20 5 bytes JMP 0000000100070200
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                    0000000077522a80 5 bytes JMP 0000000100070420
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                     0000000077522a90 5 bytes JMP 0000000100070430
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                0000000077522aa0 5 bytes JMP 0000000100070220
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                        0000000077522b80 5 bytes JMP 0000000100070280
.text     C:\Windows\system32\svchost.exe[520] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                             000000007730ef8d 1 byte [62]
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                             0000000077521360 5 bytes JMP 0000000077680460
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                      00000000775213b0 5 bytes JMP 0000000077680450
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                      0000000077521510 5 bytes JMP 0000000077680370
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                           0000000077521560 5 bytes JMP 0000000077680470
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                 0000000077521570 5 bytes JMP 00000000776803e0
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                      0000000077521620 5 bytes JMP 0000000077680320
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                               0000000077521650 5 bytes JMP 00000000776803b0
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                  0000000077521670 5 bytes JMP 0000000077680390
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                        00000000775216b0 5 bytes JMP 00000000776802e0
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                      0000000077521730 5 bytes JMP 00000000776802d0
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                    0000000077521750 5 bytes JMP 0000000077680310
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                     0000000077521790 5 bytes JMP 00000000776803c0
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                  00000000775217e0 5 bytes JMP 00000000776803f0
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                     0000000077521940 5 bytes JMP 0000000077680230
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                          0000000077521b00 5 bytes JMP 0000000077680480
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                         0000000077521b30 5 bytes JMP 00000000776803a0
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                  0000000077521c10 5 bytes JMP 00000000776802f0
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                               0000000077521c20 5 bytes JMP 0000000077680350
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                     0000000077521c80 5 bytes JMP 0000000077680290
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                  0000000077521d10 5 bytes JMP 00000000776802b0
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                   0000000077521d30 5 bytes JMP 00000000776803d0
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                      0000000077521d40 5 bytes JMP 0000000077680330
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                               0000000077521db0 5 bytes JMP 0000000077680410
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                  0000000077521de0 5 bytes JMP 0000000077680240
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                       00000000775220a0 5 bytes JMP 00000000776801e0
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                  0000000077522160 5 bytes JMP 0000000077680250
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                  0000000077522190 5 bytes JMP 0000000077680490
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                         00000000775221a0 5 bytes JMP 00000000776804a0
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                    00000000775221d0 5 bytes JMP 0000000077680300
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                 00000000775221e0 5 bytes JMP 0000000077680360
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                       0000000077522240 5 bytes JMP 00000000776802a0
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                    0000000077522290 5 bytes JMP 00000000776802c0
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                       00000000775222c0 5 bytes JMP 0000000077680380
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                        00000000775222d0 5 bytes JMP 0000000077680340
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                 00000000775225c0 5 bytes JMP 0000000077680440
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                00000000775227c0 5 bytes JMP 0000000077680260
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                   00000000775227d0 5 bytes JMP 0000000077680270
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                 00000000775227e0 5 bytes JMP 0000000077680400
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                             00000000775229a0 5 bytes JMP 00000000776801f0
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                              00000000775229b0 5 bytes JMP 0000000077680210
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                   0000000077522a20 5 bytes JMP 0000000077680200
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                   0000000077522a80 5 bytes JMP 0000000077680420
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                    0000000077522a90 5 bytes JMP 0000000077680430
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                               0000000077522aa0 5 bytes JMP 0000000077680220
.text     C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                       0000000077522b80 5 bytes JMP 0000000077680280
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                             0000000077521360 5 bytes JMP 0000000077680460
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                      00000000775213b0 5 bytes JMP 0000000077680450
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                      0000000077521510 5 bytes JMP 0000000077680370
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                           0000000077521560 5 bytes JMP 0000000077680470
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                 0000000077521570 5 bytes JMP 00000000776803e0
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                      0000000077521620 5 bytes JMP 0000000077680320
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                               0000000077521650 5 bytes JMP 00000000776803b0
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                  0000000077521670 5 bytes JMP 0000000077680390
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                        00000000775216b0 5 bytes JMP 00000000776802e0
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                      0000000077521730 5 bytes JMP 00000000776802d0
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                    0000000077521750 5 bytes JMP 0000000077680310
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                     0000000077521790 5 bytes JMP 00000000776803c0
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                  00000000775217e0 5 bytes JMP 00000000776803f0
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                     0000000077521940 5 bytes JMP 0000000077680230
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                          0000000077521b00 5 bytes JMP 0000000077680480
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                         0000000077521b30 5 bytes JMP 00000000776803a0
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                  0000000077521c10 5 bytes JMP 00000000776802f0
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                               0000000077521c20 5 bytes JMP 0000000077680350
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                     0000000077521c80 5 bytes JMP 0000000077680290
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                  0000000077521d10 5 bytes JMP 00000000776802b0
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                   0000000077521d30 5 bytes JMP 00000000776803d0
         
__________________

Alt 25.08.2014, 16:50   #4
TinaW5
 
"plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett - Standard

"plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett



GMER - Teil 2 von 4
Code:
ATTFilter
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                      0000000077521d40 5 bytes JMP 0000000077680330
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                               0000000077521db0 5 bytes JMP 0000000077680410
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                  0000000077521de0 5 bytes JMP 0000000077680240
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                       00000000775220a0 5 bytes JMP 00000000776801e0
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                  0000000077522160 5 bytes JMP 0000000077680250
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                  0000000077522190 5 bytes JMP 0000000077680490
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                         00000000775221a0 5 bytes JMP 00000000776804a0
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                    00000000775221d0 5 bytes JMP 0000000077680300
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                 00000000775221e0 5 bytes JMP 0000000077680360
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                       0000000077522240 5 bytes JMP 00000000776802a0
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                    0000000077522290 5 bytes JMP 00000000776802c0
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                       00000000775222c0 5 bytes JMP 0000000077680380
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                        00000000775222d0 5 bytes JMP 0000000077680340
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                 00000000775225c0 5 bytes JMP 0000000077680440
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                00000000775227c0 5 bytes JMP 0000000077680260
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                   00000000775227d0 5 bytes JMP 0000000077680270
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                 00000000775227e0 5 bytes JMP 0000000077680400
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                             00000000775229a0 5 bytes JMP 00000000776801f0
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                              00000000775229b0 5 bytes JMP 0000000077680210
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                   0000000077522a20 5 bytes JMP 0000000077680200
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                   0000000077522a80 5 bytes JMP 0000000077680420
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                    0000000077522a90 5 bytes JMP 0000000077680430
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                               0000000077522aa0 5 bytes JMP 0000000077680220
.text     C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                       0000000077522b80 5 bytes JMP 0000000077680280
.text     C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe[1844] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                    000000007585a2fd 1 byte [62]
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                 0000000077521360 5 bytes JMP 0000000100070460
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                          00000000775213b0 5 bytes JMP 0000000100070450
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                          0000000077521510 5 bytes JMP 0000000100070370
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                               0000000077521560 5 bytes JMP 0000000100070470
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                     0000000077521570 5 bytes JMP 00000001000703e0
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                          0000000077521620 5 bytes JMP 0000000100070320
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                   0000000077521650 5 bytes JMP 00000001000703b0
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                      0000000077521670 5 bytes JMP 0000000100070390
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                            00000000775216b0 5 bytes JMP 00000001000702e0
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                          0000000077521730 5 bytes JMP 00000001000702d0
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                        0000000077521750 5 bytes JMP 0000000100070310
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                         0000000077521790 5 bytes JMP 00000001000703c0
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                      00000000775217e0 5 bytes JMP 00000001000703f0
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                         0000000077521940 5 bytes JMP 0000000100070230
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                              0000000077521b00 5 bytes JMP 0000000100070480
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                             0000000077521b30 5 bytes JMP 00000001000703a0
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                      0000000077521c10 5 bytes JMP 00000001000702f0
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                   0000000077521c20 5 bytes JMP 0000000100070350
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                         0000000077521c80 5 bytes JMP 0000000100070290
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                      0000000077521d10 5 bytes JMP 00000001000702b0
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                       0000000077521d30 5 bytes JMP 00000001000703d0
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                          0000000077521d40 5 bytes JMP 0000000100070330
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                   0000000077521db0 5 bytes JMP 0000000100070410
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                      0000000077521de0 5 bytes JMP 0000000100070240
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                           00000000775220a0 5 bytes JMP 00000001000701e0
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                      0000000077522160 5 bytes JMP 0000000100070250
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                      0000000077522190 5 bytes JMP 0000000100070490
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                             00000000775221a0 5 bytes JMP 00000001000704a0
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                        00000000775221d0 5 bytes JMP 0000000100070300
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                     00000000775221e0 5 bytes JMP 0000000100070360
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                           0000000077522240 5 bytes JMP 00000001000702a0
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                        0000000077522290 5 bytes JMP 00000001000702c0
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                           00000000775222c0 5 bytes JMP 0000000100070380
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                            00000000775222d0 5 bytes JMP 0000000100070340
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                     00000000775225c0 5 bytes JMP 0000000100070440
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                    00000000775227c0 5 bytes JMP 0000000100070260
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                       00000000775227d0 5 bytes JMP 0000000100070270
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                     00000000775227e0 5 bytes JMP 0000000100070400
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                 00000000775229a0 5 bytes JMP 00000001000701f0
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                  00000000775229b0 5 bytes JMP 0000000100070210
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                       0000000077522a20 5 bytes JMP 0000000100070200
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                       0000000077522a80 5 bytes JMP 0000000100070420
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                        0000000077522a90 5 bytes JMP 0000000100070430
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                   0000000077522aa0 5 bytes JMP 0000000100070220
.text     C:\Windows\system32\Dwm.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                           0000000077522b80 5 bytes JMP 0000000100070280
.text     C:\Windows\system32\taskhost.exe[2016] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                           000000007730ef8d 1 byte [62]
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                     0000000077521360 5 bytes JMP 0000000077680460
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                              00000000775213b0 5 bytes JMP 0000000077680450
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                              0000000077521510 5 bytes JMP 0000000077680370
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                   0000000077521560 5 bytes JMP 0000000077680470
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                         0000000077521570 5 bytes JMP 00000000776803e0
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                              0000000077521620 5 bytes JMP 0000000077680320
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                       0000000077521650 5 bytes JMP 00000000776803b0
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                          0000000077521670 5 bytes JMP 0000000077680390
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                00000000775216b0 5 bytes JMP 00000000776802e0
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                              0000000077521730 5 bytes JMP 00000000776802d0
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                            0000000077521750 5 bytes JMP 0000000077680310
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                             0000000077521790 5 bytes JMP 00000000776803c0
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                          00000000775217e0 5 bytes JMP 00000000776803f0
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                             0000000077521940 5 bytes JMP 0000000077680230
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                  0000000077521b00 5 bytes JMP 0000000077680480
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                 0000000077521b30 5 bytes JMP 00000000776803a0
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                          0000000077521c10 5 bytes JMP 00000000776802f0
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                       0000000077521c20 5 bytes JMP 0000000077680350
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                             0000000077521c80 5 bytes JMP 0000000077680290
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                          0000000077521d10 5 bytes JMP 00000000776802b0
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                           0000000077521d30 5 bytes JMP 00000000776803d0
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                              0000000077521d40 5 bytes JMP 0000000077680330
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                       0000000077521db0 5 bytes JMP 0000000077680410
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                          0000000077521de0 5 bytes JMP 0000000077680240
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                               00000000775220a0 5 bytes JMP 00000000776801e0
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                          0000000077522160 5 bytes JMP 0000000077680250
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                          0000000077522190 5 bytes JMP 0000000077680490
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                 00000000775221a0 5 bytes JMP 00000000776804a0
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                            00000000775221d0 5 bytes JMP 0000000077680300
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                         00000000775221e0 5 bytes JMP 0000000077680360
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                               0000000077522240 5 bytes JMP 00000000776802a0
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                            0000000077522290 5 bytes JMP 00000000776802c0
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                               00000000775222c0 5 bytes JMP 0000000077680380
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                00000000775222d0 5 bytes JMP 0000000077680340
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                         00000000775225c0 5 bytes JMP 0000000077680440
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                        00000000775227c0 5 bytes JMP 0000000077680260
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                           00000000775227d0 5 bytes JMP 0000000077680270
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                         00000000775227e0 5 bytes JMP 0000000077680400
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                     00000000775229a0 5 bytes JMP 00000000776801f0
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                      00000000775229b0 5 bytes JMP 0000000077680210
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                           0000000077522a20 5 bytes JMP 0000000077680200
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                           0000000077522a80 5 bytes JMP 0000000077680420
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                            0000000077522a90 5 bytes JMP 0000000077680430
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                       0000000077522aa0 5 bytes JMP 0000000077680220
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                               0000000077522b80 5 bytes JMP 0000000077680280
.text     C:\Windows\Explorer.EXE[1116] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                    000000007730ef8d 1 byte [62]
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                            0000000077521360 5 bytes JMP 0000000077680460
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                     00000000775213b0 5 bytes JMP 0000000077680450
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                     0000000077521510 5 bytes JMP 0000000077680370
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                          0000000077521560 5 bytes JMP 0000000077680470
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                0000000077521570 5 bytes JMP 00000000776803e0
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                     0000000077521620 5 bytes JMP 0000000077680320
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                              0000000077521650 5 bytes JMP 00000000776803b0
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                 0000000077521670 5 bytes JMP 0000000077680390
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                       00000000775216b0 5 bytes JMP 00000000776802e0
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                     0000000077521730 5 bytes JMP 00000000776802d0
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                   0000000077521750 5 bytes JMP 0000000077680310
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                    0000000077521790 5 bytes JMP 00000000776803c0
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                 00000000775217e0 5 bytes JMP 00000000776803f0
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                    0000000077521940 5 bytes JMP 0000000077680230
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                         0000000077521b00 5 bytes JMP 0000000077680480
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                        0000000077521b30 5 bytes JMP 00000000776803a0
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                 0000000077521c10 5 bytes JMP 00000000776802f0
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                              0000000077521c20 5 bytes JMP 0000000077680350
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                    0000000077521c80 5 bytes JMP 0000000077680290
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                 0000000077521d10 5 bytes JMP 00000000776802b0
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                  0000000077521d30 5 bytes JMP 00000000776803d0
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                     0000000077521d40 5 bytes JMP 0000000077680330
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                              0000000077521db0 5 bytes JMP 0000000077680410
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                 0000000077521de0 5 bytes JMP 0000000077680240
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                      00000000775220a0 5 bytes JMP 00000000776801e0
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                 0000000077522160 5 bytes JMP 0000000077680250
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                 0000000077522190 5 bytes JMP 0000000077680490
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                        00000000775221a0 5 bytes JMP 00000000776804a0
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                   00000000775221d0 5 bytes JMP 0000000077680300
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                00000000775221e0 5 bytes JMP 0000000077680360
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                      0000000077522240 5 bytes JMP 00000000776802a0
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                   0000000077522290 5 bytes JMP 00000000776802c0
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                      00000000775222c0 5 bytes JMP 0000000077680380
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                       00000000775222d0 5 bytes JMP 0000000077680340
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                00000000775225c0 5 bytes JMP 0000000077680440
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                               00000000775227c0 5 bytes JMP 0000000077680260
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                  00000000775227d0 5 bytes JMP 0000000077680270
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                00000000775227e0 5 bytes JMP 0000000077680400
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                            00000000775229a0 5 bytes JMP 00000000776801f0
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                             00000000775229b0 5 bytes JMP 0000000077680210
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                  0000000077522a20 5 bytes JMP 0000000077680200
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                  0000000077522a80 5 bytes JMP 0000000077680420
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                   0000000077522a90 5 bytes JMP 0000000077680430
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                              0000000077522aa0 5 bytes JMP 0000000077680220
.text     C:\Windows\System32\igfxtray.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                      0000000077522b80 5 bytes JMP 0000000077680280
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                               0000000077521360 5 bytes JMP 0000000077680460
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                        00000000775213b0 5 bytes JMP 0000000077680450
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                        0000000077521510 5 bytes JMP 0000000077680370
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                             0000000077521560 5 bytes JMP 0000000077680470
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                   0000000077521570 5 bytes JMP 00000000776803e0
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                        0000000077521620 5 bytes JMP 0000000077680320
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                 0000000077521650 5 bytes JMP 00000000776803b0
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                    0000000077521670 5 bytes JMP 0000000077680390
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                          00000000775216b0 5 bytes JMP 00000000776802e0
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                        0000000077521730 5 bytes JMP 00000000776802d0
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                      0000000077521750 5 bytes JMP 0000000077680310
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                       0000000077521790 5 bytes JMP 00000000776803c0
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                    00000000775217e0 5 bytes JMP 00000000776803f0
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                       0000000077521940 5 bytes JMP 0000000077680230
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                            0000000077521b00 5 bytes JMP 0000000077680480
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                           0000000077521b30 5 bytes JMP 00000000776803a0
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                    0000000077521c10 5 bytes JMP 00000000776802f0
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                 0000000077521c20 5 bytes JMP 0000000077680350
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                       0000000077521c80 5 bytes JMP 0000000077680290
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                    0000000077521d10 5 bytes JMP 00000000776802b0
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                     0000000077521d30 5 bytes JMP 00000000776803d0
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                        0000000077521d40 5 bytes JMP 0000000077680330
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                 0000000077521db0 5 bytes JMP 0000000077680410
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                    0000000077521de0 5 bytes JMP 0000000077680240
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                         00000000775220a0 5 bytes JMP 00000000776801e0
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                    0000000077522160 5 bytes JMP 0000000077680250
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                    0000000077522190 5 bytes JMP 0000000077680490
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                           00000000775221a0 5 bytes JMP 00000000776804a0
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                      00000000775221d0 5 bytes JMP 0000000077680300
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                   00000000775221e0 5 bytes JMP 0000000077680360
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                         0000000077522240 5 bytes JMP 00000000776802a0
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                      0000000077522290 5 bytes JMP 00000000776802c0
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                         00000000775222c0 5 bytes JMP 0000000077680380
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                          00000000775222d0 5 bytes JMP 0000000077680340
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                   00000000775225c0 5 bytes JMP 0000000077680440
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                  00000000775227c0 5 bytes JMP 0000000077680260
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                     00000000775227d0 5 bytes JMP 0000000077680270
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                   00000000775227e0 5 bytes JMP 0000000077680400
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                               00000000775229a0 5 bytes JMP 00000000776801f0
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                00000000775229b0 5 bytes JMP 0000000077680210
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                     0000000077522a20 5 bytes JMP 0000000077680200
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                     0000000077522a80 5 bytes JMP 0000000077680420
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                      0000000077522a90 5 bytes JMP 0000000077680430
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                 0000000077522aa0 5 bytes JMP 0000000077680220
.text     C:\Windows\System32\hkcmd.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                         0000000077522b80 5 bytes JMP 0000000077680280
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                            0000000077521360 5 bytes JMP 0000000077680460
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                     00000000775213b0 5 bytes JMP 0000000077680450
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                     0000000077521510 5 bytes JMP 0000000077680370
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                          0000000077521560 5 bytes JMP 0000000077680470
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                0000000077521570 5 bytes JMP 00000000776803e0
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                     0000000077521620 5 bytes JMP 0000000077680320
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                              0000000077521650 5 bytes JMP 00000000776803b0
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                 0000000077521670 5 bytes JMP 0000000077680390
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                       00000000775216b0 5 bytes JMP 00000000776802e0
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                     0000000077521730 5 bytes JMP 00000000776802d0
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                   0000000077521750 5 bytes JMP 0000000077680310
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                    0000000077521790 5 bytes JMP 00000000776803c0
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                 00000000775217e0 5 bytes JMP 00000000776803f0
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                    0000000077521940 5 bytes JMP 0000000077680230
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                         0000000077521b00 5 bytes JMP 0000000077680480
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                        0000000077521b30 5 bytes JMP 00000000776803a0
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                 0000000077521c10 5 bytes JMP 00000000776802f0
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                              0000000077521c20 5 bytes JMP 0000000077680350
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                    0000000077521c80 5 bytes JMP 0000000077680290
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                 0000000077521d10 5 bytes JMP 00000000776802b0
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                  0000000077521d30 5 bytes JMP 00000000776803d0
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                     0000000077521d40 5 bytes JMP 0000000077680330
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                              0000000077521db0 5 bytes JMP 0000000077680410
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                 0000000077521de0 5 bytes JMP 0000000077680240
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                      00000000775220a0 5 bytes JMP 00000000776801e0
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                 0000000077522160 5 bytes JMP 0000000077680250
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                 0000000077522190 5 bytes JMP 0000000077680490
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                        00000000775221a0 5 bytes JMP 00000000776804a0
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                   00000000775221d0 5 bytes JMP 0000000077680300
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                00000000775221e0 5 bytes JMP 0000000077680360
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                      0000000077522240 5 bytes JMP 00000000776802a0
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                   0000000077522290 5 bytes JMP 00000000776802c0
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                      00000000775222c0 5 bytes JMP 0000000077680380
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                       00000000775222d0 5 bytes JMP 0000000077680340
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                00000000775225c0 5 bytes JMP 0000000077680440
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                               00000000775227c0 5 bytes JMP 0000000077680260
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                  00000000775227d0 5 bytes JMP 0000000077680270
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                00000000775227e0 5 bytes JMP 0000000077680400
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                            00000000775229a0 5 bytes JMP 00000000776801f0
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                             00000000775229b0 5 bytes JMP 0000000077680210
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                  0000000077522a20 5 bytes JMP 0000000077680200
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                  0000000077522a80 5 bytes JMP 0000000077680420
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                   0000000077522a90 5 bytes JMP 0000000077680430
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                              0000000077522aa0 5 bytes JMP 0000000077680220
.text     C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                      0000000077522b80 5 bytes JMP 0000000077680280
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                            0000000077521360 5 bytes JMP 0000000077680460
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                     00000000775213b0 5 bytes JMP 0000000077680450
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                     0000000077521510 5 bytes JMP 0000000077680370
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                          0000000077521560 5 bytes JMP 0000000077680470
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                0000000077521570 5 bytes JMP 00000000776803e0
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                     0000000077521620 5 bytes JMP 0000000077680320
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                              0000000077521650 5 bytes JMP 00000000776803b0
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                 0000000077521670 5 bytes JMP 0000000077680390
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                       00000000775216b0 5 bytes JMP 00000000776802e0
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                     0000000077521730 5 bytes JMP 00000000776802d0
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                   0000000077521750 5 bytes JMP 0000000077680310
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                    0000000077521790 5 bytes JMP 00000000776803c0
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                 00000000775217e0 5 bytes JMP 00000000776803f0
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                    0000000077521940 5 bytes JMP 0000000077680230
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                         0000000077521b00 5 bytes JMP 0000000077680480
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                        0000000077521b30 5 bytes JMP 00000000776803a0
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                 0000000077521c10 5 bytes JMP 00000000776802f0
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                              0000000077521c20 5 bytes JMP 0000000077680350
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                    0000000077521c80 5 bytes JMP 0000000077680290
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                 0000000077521d10 5 bytes JMP 00000000776802b0
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                  0000000077521d30 5 bytes JMP 00000000776803d0
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                     0000000077521d40 5 bytes JMP 0000000077680330
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                              0000000077521db0 5 bytes JMP 0000000077680410
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                 0000000077521de0 5 bytes JMP 0000000077680240
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                      00000000775220a0 5 bytes JMP 00000000776801e0
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                 0000000077522160 5 bytes JMP 0000000077680250
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                 0000000077522190 5 bytes JMP 0000000077680490
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                        00000000775221a0 5 bytes JMP 00000000776804a0
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                   00000000775221d0 5 bytes JMP 0000000077680300
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                00000000775221e0 5 bytes JMP 0000000077680360
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                      0000000077522240 5 bytes JMP 00000000776802a0
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                   0000000077522290 5 bytes JMP 00000000776802c0
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                      00000000775222c0 5 bytes JMP 0000000077680380
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                       00000000775222d0 5 bytes JMP 0000000077680340
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                00000000775225c0 5 bytes JMP 0000000077680440
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                               00000000775227c0 5 bytes JMP 0000000077680260
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                  00000000775227d0 5 bytes JMP 0000000077680270
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                00000000775227e0 5 bytes JMP 0000000077680400
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                            00000000775229a0 5 bytes JMP 00000000776801f0
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                             00000000775229b0 5 bytes JMP 0000000077680210
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                  0000000077522a20 5 bytes JMP 0000000077680200
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                  0000000077522a80 5 bytes JMP 0000000077680420
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                   0000000077522a90 5 bytes JMP 0000000077680430
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                              0000000077522aa0 5 bytes JMP 0000000077680220
.text     C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                      0000000077522b80 5 bytes JMP 0000000077680280
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                               0000000077521360 5 bytes JMP 0000000077680460
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                        00000000775213b0 5 bytes JMP 0000000077680450
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                        0000000077521510 5 bytes JMP 0000000077680370
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                             0000000077521560 5 bytes JMP 0000000077680470
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                   0000000077521570 5 bytes JMP 00000000776803e0
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                        0000000077521620 5 bytes JMP 0000000077680320
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                 0000000077521650 5 bytes JMP 00000000776803b0
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                    0000000077521670 5 bytes JMP 0000000077680390
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                          00000000775216b0 5 bytes JMP 00000000776802e0
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                        0000000077521730 5 bytes JMP 00000000776802d0
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                      0000000077521750 5 bytes JMP 0000000077680310
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                       0000000077521790 5 bytes JMP 00000000776803c0
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                    00000000775217e0 5 bytes JMP 00000000776803f0
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                       0000000077521940 5 bytes JMP 0000000077680230
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                            0000000077521b00 5 bytes JMP 0000000077680480
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                           0000000077521b30 5 bytes JMP 00000000776803a0
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                    0000000077521c10 5 bytes JMP 00000000776802f0
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                 0000000077521c20 5 bytes JMP 0000000077680350
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                       0000000077521c80 5 bytes JMP 0000000077680290
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                    0000000077521d10 5 bytes JMP 00000000776802b0
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                     0000000077521d30 5 bytes JMP 00000000776803d0
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                        0000000077521d40 5 bytes JMP 0000000077680330
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                 0000000077521db0 5 bytes JMP 0000000077680410
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                    0000000077521de0 5 bytes JMP 0000000077680240
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                         00000000775220a0 5 bytes JMP 00000000776801e0
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                    0000000077522160 5 bytes JMP 0000000077680250
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                    0000000077522190 5 bytes JMP 0000000077680490
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                           00000000775221a0 5 bytes JMP 00000000776804a0
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                      00000000775221d0 5 bytes JMP 0000000077680300
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                   00000000775221e0 5 bytes JMP 0000000077680360
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                         0000000077522240 5 bytes JMP 00000000776802a0
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                      0000000077522290 5 bytes JMP 00000000776802c0
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                         00000000775222c0 5 bytes JMP 0000000077680380
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                          00000000775222d0 5 bytes JMP 0000000077680340
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                   00000000775225c0 5 bytes JMP 0000000077680440
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                  00000000775227c0 5 bytes JMP 0000000077680260
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                     00000000775227d0 5 bytes JMP 0000000077680270
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                   00000000775227e0 5 bytes JMP 0000000077680400
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                               00000000775229a0 5 bytes JMP 00000000776801f0
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                00000000775229b0 5 bytes JMP 0000000077680210
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                     0000000077522a20 5 bytes JMP 0000000077680200
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                     0000000077522a80 5 bytes JMP 0000000077680420
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                      0000000077522a90 5 bytes JMP 0000000077680430
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                 0000000077522aa0 5 bytes JMP 0000000077680220
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                         0000000077522b80 5 bytes JMP 0000000077680280
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                              000000007730ef8d 1 byte [62]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                             0000000077521360 5 bytes JMP 0000000077680460
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                      00000000775213b0 5 bytes JMP 0000000077680450
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                      0000000077521510 5 bytes JMP 0000000077680370
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                           0000000077521560 5 bytes JMP 0000000077680470
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                 0000000077521570 5 bytes JMP 00000000776803e0
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                      0000000077521620 5 bytes JMP 0000000077680320
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                               0000000077521650 5 bytes JMP 00000000776803b0
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                  0000000077521670 5 bytes JMP 0000000077680390
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                        00000000775216b0 5 bytes JMP 00000000776802e0
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                      0000000077521730 5 bytes JMP 00000000776802d0
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                    0000000077521750 5 bytes JMP 0000000077680310
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                     0000000077521790 5 bytes JMP 00000000776803c0
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                  00000000775217e0 5 bytes JMP 00000000776803f0
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                     0000000077521940 5 bytes JMP 0000000077680230
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                          0000000077521b00 5 bytes JMP 0000000077680480
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                         0000000077521b30 5 bytes JMP 00000000776803a0
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                  0000000077521c10 5 bytes JMP 00000000776802f0
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                               0000000077521c20 5 bytes JMP 0000000077680350
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                     0000000077521c80 5 bytes JMP 0000000077680290
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                  0000000077521d10 5 bytes JMP 00000000776802b0
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                   0000000077521d30 5 bytes JMP 00000000776803d0
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                      0000000077521d40 5 bytes JMP 0000000077680330
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                               0000000077521db0 5 bytes JMP 0000000077680410
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                  0000000077521de0 5 bytes JMP 0000000077680240
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                       00000000775220a0 5 bytes JMP 00000000776801e0
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                  0000000077522160 5 bytes JMP 0000000077680250
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                  0000000077522190 5 bytes JMP 0000000077680490
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                         00000000775221a0 5 bytes JMP 00000000776804a0
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                    00000000775221d0 5 bytes JMP 0000000077680300
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                 00000000775221e0 5 bytes JMP 0000000077680360
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                       0000000077522240 5 bytes JMP 00000000776802a0
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                    0000000077522290 5 bytes JMP 00000000776802c0
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                       00000000775222c0 5 bytes JMP 0000000077680380
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                        00000000775222d0 5 bytes JMP 0000000077680340
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                 00000000775225c0 5 bytes JMP 0000000077680440
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                00000000775227c0 5 bytes JMP 0000000077680260
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                   00000000775227d0 5 bytes JMP 0000000077680270
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                 00000000775227e0 5 bytes JMP 0000000077680400
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                             00000000775229a0 5 bytes JMP 00000000776801f0
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                              00000000775229b0 5 bytes JMP 0000000077680210
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                   0000000077522a20 5 bytes JMP 0000000077680200
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                   0000000077522a80 5 bytes JMP 0000000077680420
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                    0000000077522a90 5 bytes JMP 0000000077680430
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                               0000000077522aa0 5 bytes JMP 0000000077680220
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                       0000000077522b80 5 bytes JMP 0000000077680280
.text     C:\Windows\PLFSetI.exe[2768] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                     000000007585a2fd 1 byte [62]
.text     C:\Windows\PLFSetI.exe[2768] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195                                                                                                                       0000000073e51b41 2 bytes [E5, 73]
.text     C:\Windows\PLFSetI.exe[2768] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362                                                                                                                       0000000073e51be8 2 bytes [E5, 73]
.text     C:\Windows\PLFSetI.exe[2768] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418                                                                                                                       0000000073e51c20 2 bytes [E5, 73]
.text     C:\Windows\PLFSetI.exe[2768] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596                                                                                                                       0000000073e51cd2 2 bytes [E5, 73]
.text     C:\Windows\PLFSetI.exe[2768] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628                                                                                                                       0000000073e51cf2 2 bytes [E5, 73]
.text     C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2820] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                 000000007730ef8d 1 byte [62]
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                             0000000077521360 5 bytes JMP 0000000077680460
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                      00000000775213b0 5 bytes JMP 0000000077680450
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                      0000000077521510 5 bytes JMP 0000000077680370
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                           0000000077521560 5 bytes JMP 0000000077680470
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                 0000000077521570 5 bytes JMP 00000000776803e0
         

Alt 25.08.2014, 16:53   #5
TinaW5
 
"plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett - Standard

"plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett



GMER - Teil 3 von 4:
Code:
ATTFilter
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                      0000000077521620 5 bytes JMP 0000000077680320
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                               0000000077521650 5 bytes JMP 00000000776803b0
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                  0000000077521670 5 bytes JMP 0000000077680390
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                        00000000775216b0 5 bytes JMP 00000000776802e0
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                      0000000077521730 5 bytes JMP 00000000776802d0
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                    0000000077521750 5 bytes JMP 0000000077680310
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                     0000000077521790 5 bytes JMP 00000000776803c0
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                  00000000775217e0 5 bytes JMP 00000000776803f0
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                     0000000077521940 5 bytes JMP 0000000077680230
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                          0000000077521b00 5 bytes JMP 0000000077680480
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                         0000000077521b30 5 bytes JMP 00000000776803a0
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                  0000000077521c10 5 bytes JMP 00000000776802f0
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                               0000000077521c20 5 bytes JMP 0000000077680350
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                     0000000077521c80 5 bytes JMP 0000000077680290
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                  0000000077521d10 5 bytes JMP 00000000776802b0
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                   0000000077521d30 5 bytes JMP 00000000776803d0
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                      0000000077521d40 5 bytes JMP 0000000077680330
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                               0000000077521db0 5 bytes JMP 0000000077680410
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                  0000000077521de0 5 bytes JMP 0000000077680240
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                       00000000775220a0 5 bytes JMP 00000000776801e0
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                  0000000077522160 5 bytes JMP 0000000077680250
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                  0000000077522190 5 bytes JMP 0000000077680490
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                         00000000775221a0 5 bytes JMP 00000000776804a0
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                    00000000775221d0 5 bytes JMP 0000000077680300
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                 00000000775221e0 5 bytes JMP 0000000077680360
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                       0000000077522240 5 bytes JMP 00000000776802a0
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                    0000000077522290 5 bytes JMP 00000000776802c0
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                       00000000775222c0 5 bytes JMP 0000000077680380
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                        00000000775222d0 5 bytes JMP 0000000077680340
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                 00000000775225c0 5 bytes JMP 0000000077680440
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                00000000775227c0 5 bytes JMP 0000000077680260
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                   00000000775227d0 5 bytes JMP 0000000077680270
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                 00000000775227e0 5 bytes JMP 0000000077680400
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                             00000000775229a0 5 bytes JMP 00000000776801f0
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                              00000000775229b0 5 bytes JMP 0000000077680210
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                   0000000077522a20 5 bytes JMP 0000000077680200
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                   0000000077522a80 5 bytes JMP 0000000077680420
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                    0000000077522a90 5 bytes JMP 0000000077680430
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                               0000000077522aa0 5 bytes JMP 0000000077680220
.text     C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                       0000000077522b80 5 bytes JMP 0000000077680280
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                 0000000077521360 5 bytes JMP 0000000077680460
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                          00000000775213b0 5 bytes JMP 0000000077680450
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                          0000000077521510 5 bytes JMP 0000000077680370
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                               0000000077521560 5 bytes JMP 0000000077680470
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                     0000000077521570 5 bytes JMP 00000000776803e0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                          0000000077521620 5 bytes JMP 0000000077680320
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                   0000000077521650 5 bytes JMP 00000000776803b0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                      0000000077521670 5 bytes JMP 0000000077680390
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                            00000000775216b0 5 bytes JMP 00000000776802e0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                          0000000077521730 5 bytes JMP 00000000776802d0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                        0000000077521750 5 bytes JMP 0000000077680310
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                         0000000077521790 5 bytes JMP 00000000776803c0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                      00000000775217e0 5 bytes JMP 00000000776803f0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                         0000000077521940 5 bytes JMP 0000000077680230
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                              0000000077521b00 5 bytes JMP 0000000077680480
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                             0000000077521b30 5 bytes JMP 00000000776803a0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                      0000000077521c10 5 bytes JMP 00000000776802f0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                   0000000077521c20 5 bytes JMP 0000000077680350
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                         0000000077521c80 5 bytes JMP 0000000077680290
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                      0000000077521d10 5 bytes JMP 00000000776802b0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                       0000000077521d30 5 bytes JMP 00000000776803d0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                          0000000077521d40 5 bytes JMP 0000000077680330
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                   0000000077521db0 5 bytes JMP 0000000077680410
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                      0000000077521de0 5 bytes JMP 0000000077680240
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                           00000000775220a0 5 bytes JMP 00000000776801e0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                      0000000077522160 5 bytes JMP 0000000077680250
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                      0000000077522190 5 bytes JMP 0000000077680490
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                             00000000775221a0 5 bytes JMP 00000000776804a0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                        00000000775221d0 5 bytes JMP 0000000077680300
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                     00000000775221e0 5 bytes JMP 0000000077680360
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                           0000000077522240 5 bytes JMP 00000000776802a0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                        0000000077522290 5 bytes JMP 00000000776802c0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                           00000000775222c0 5 bytes JMP 0000000077680380
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                            00000000775222d0 5 bytes JMP 0000000077680340
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                     00000000775225c0 5 bytes JMP 0000000077680440
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                    00000000775227c0 5 bytes JMP 0000000077680260
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                       00000000775227d0 5 bytes JMP 0000000077680270
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                     00000000775227e0 5 bytes JMP 0000000077680400
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                 00000000775229a0 5 bytes JMP 00000000776801f0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                  00000000775229b0 5 bytes JMP 0000000077680210
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                       0000000077522a20 5 bytes JMP 0000000077680200
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                       0000000077522a80 5 bytes JMP 0000000077680420
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                        0000000077522a90 5 bytes JMP 0000000077680430
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                   0000000077522aa0 5 bytes JMP 0000000077680220
.text     C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                           0000000077522b80 5 bytes JMP 0000000077680280
.text     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2968] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                       000000007585a2fd 1 byte [62]
.text     C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe[2068] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                     000000007585a2fd 1 byte [62]
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                      0000000077521360 5 bytes JMP 0000000077680460
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                               00000000775213b0 5 bytes JMP 0000000077680450
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                               0000000077521510 5 bytes JMP 0000000077680370
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                    0000000077521560 5 bytes JMP 0000000077680470
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                          0000000077521570 5 bytes JMP 00000000776803e0
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                               0000000077521620 5 bytes JMP 0000000077680320
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                        0000000077521650 5 bytes JMP 00000000776803b0
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                           0000000077521670 5 bytes JMP 0000000077680390
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                 00000000775216b0 5 bytes JMP 00000000776802e0
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                               0000000077521730 5 bytes JMP 00000000776802d0
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                             0000000077521750 5 bytes JMP 0000000077680310
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                              0000000077521790 5 bytes JMP 00000000776803c0
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                           00000000775217e0 5 bytes JMP 00000000776803f0
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                              0000000077521940 5 bytes JMP 0000000077680230
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                   0000000077521b00 5 bytes JMP 0000000077680480
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                  0000000077521b30 5 bytes JMP 00000000776803a0
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                           0000000077521c10 5 bytes JMP 00000000776802f0
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                        0000000077521c20 5 bytes JMP 0000000077680350
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                              0000000077521c80 5 bytes JMP 0000000077680290
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                           0000000077521d10 5 bytes JMP 00000000776802b0
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                            0000000077521d30 5 bytes JMP 00000000776803d0
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                               0000000077521d40 5 bytes JMP 0000000077680330
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                        0000000077521db0 5 bytes JMP 0000000077680410
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                           0000000077521de0 5 bytes JMP 0000000077680240
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                00000000775220a0 5 bytes JMP 00000000776801e0
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                           0000000077522160 5 bytes JMP 0000000077680250
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                           0000000077522190 5 bytes JMP 0000000077680490
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                  00000000775221a0 5 bytes JMP 00000000776804a0
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                             00000000775221d0 5 bytes JMP 0000000077680300
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                          00000000775221e0 5 bytes JMP 0000000077680360
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                0000000077522240 5 bytes JMP 00000000776802a0
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                             0000000077522290 5 bytes JMP 00000000776802c0
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                00000000775222c0 5 bytes JMP 0000000077680380
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                 00000000775222d0 5 bytes JMP 0000000077680340
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                          00000000775225c0 5 bytes JMP 0000000077680440
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                         00000000775227c0 5 bytes JMP 0000000077680260
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                            00000000775227d0 5 bytes JMP 0000000077680270
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                          00000000775227e0 5 bytes JMP 0000000077680400
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                      00000000775229a0 5 bytes JMP 00000000776801f0
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                       00000000775229b0 5 bytes JMP 0000000077680210
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                            0000000077522a20 5 bytes JMP 0000000077680200
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                            0000000077522a80 5 bytes JMP 0000000077680420
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                             0000000077522a90 5 bytes JMP 0000000077680430
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                        0000000077522aa0 5 bytes JMP 0000000077680220
.text     C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                0000000077522b80 5 bytes JMP 0000000077680280
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2248] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                         000000007585a2fd 1 byte [62]
.text     C:\Programme\FeedReader30\feedreader.exe[1036] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                   000000007585a2fd 1 byte [62]
.text     C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[736] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                          000000007585a2fd 1 byte [62]
.text     C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe[2448] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                           000000007585a2fd 1 byte [62]
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2528] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                            000000007585a2fd 1 byte [62]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2408] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                           000000007585a2fd 1 byte [62]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                         0000000077681465 2 bytes [68, 77]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                        00000000776814bb 2 bytes [68, 77]
.text     ...                                                                                                                                                                                                                    * 2
.text     C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2444] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                            000000007585a2fd 1 byte [62]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3152] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                  000000007585a2fd 1 byte [62]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                0000000077681465 2 bytes [68, 77]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                               00000000776814bb 2 bytes [68, 77]
.text     ...                                                                                                                                                                                                                    * 2
?         C:\Windows\system32\mssprxy.dll [3152] entry point in ".rdata" section                                                                                                                                                 00000000748e71e6
.text     C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3344] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                000000007585a2fd 1 byte [62]
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                              000000007585a2fd 1 byte [62]
.text     C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3508] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                       000000007585a2fd 1 byte [62]
.text     C:\Program Files (x86)\Launch Manager\LManager.exe[3576] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                         000000007585a2fd 1 byte [62]
.text     C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[3700] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                     000000007585a2fd 1 byte [62]
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                          0000000077521360 5 bytes JMP 0000000077680460
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                   00000000775213b0 5 bytes JMP 0000000077680450
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                   0000000077521510 5 bytes JMP 0000000077680370
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                        0000000077521560 5 bytes JMP 0000000077680470
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                              0000000077521570 5 bytes JMP 00000000776803e0
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                   0000000077521620 5 bytes JMP 0000000077680320
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                            0000000077521650 5 bytes JMP 00000000776803b0
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                               0000000077521670 5 bytes JMP 0000000077680390
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                     00000000775216b0 5 bytes JMP 00000000776802e0
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                   0000000077521730 5 bytes JMP 00000000776802d0
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                 0000000077521750 5 bytes JMP 0000000077680310
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                  0000000077521790 5 bytes JMP 00000000776803c0
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                               00000000775217e0 5 bytes JMP 00000000776803f0
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                  0000000077521940 5 bytes JMP 0000000077680230
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                       0000000077521b00 5 bytes JMP 0000000077680480
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                      0000000077521b30 5 bytes JMP 00000000776803a0
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                               0000000077521c10 5 bytes JMP 00000000776802f0
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                            0000000077521c20 5 bytes JMP 0000000077680350
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                  0000000077521c80 5 bytes JMP 0000000077680290
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                               0000000077521d10 5 bytes JMP 00000000776802b0
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                0000000077521d30 5 bytes JMP 00000000776803d0
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                   0000000077521d40 5 bytes JMP 0000000077680330
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                            0000000077521db0 5 bytes JMP 0000000077680410
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                               0000000077521de0 5 bytes JMP 0000000077680240
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                    00000000775220a0 5 bytes JMP 00000000776801e0
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                               0000000077522160 5 bytes JMP 0000000077680250
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                               0000000077522190 5 bytes JMP 0000000077680490
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                      00000000775221a0 5 bytes JMP 00000000776804a0
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                 00000000775221d0 5 bytes JMP 0000000077680300
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                              00000000775221e0 5 bytes JMP 0000000077680360
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                    0000000077522240 5 bytes JMP 00000000776802a0
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                 0000000077522290 5 bytes JMP 00000000776802c0
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                    00000000775222c0 5 bytes JMP 0000000077680380
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                     00000000775222d0 5 bytes JMP 0000000077680340
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                              00000000775225c0 5 bytes JMP 0000000077680440
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                             00000000775227c0 5 bytes JMP 0000000077680260
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                00000000775227d0 5 bytes JMP 0000000077680270
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                              00000000775227e0 5 bytes JMP 0000000077680400
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                          00000000775229a0 5 bytes JMP 00000000776801f0
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                           00000000775229b0 5 bytes JMP 0000000077680210
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                0000000077522a20 5 bytes JMP 0000000077680200
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                0000000077522a80 5 bytes JMP 0000000077680420
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                 0000000077522a90 5 bytes JMP 0000000077680430
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                            0000000077522aa0 5 bytes JMP 0000000077680220
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                    0000000077522b80 5 bytes JMP 0000000077680280
.text     C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                         000000007730ef8d 1 byte [62]
.text     C:\Program Files (x86)\SilverCrest DMTS2017 Driver\KbClient_FD2.exe[3932] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                        000000007585a2fd 1 byte [62]
         


Alt 25.08.2014, 16:56   #6
TinaW5
 
"plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett - Standard

"plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett



GMER - Teil 4 von 4:
Code:
ATTFilter
.text     C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[3532] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                          000000007585a2fd 1 byte [62]
.text     C:\Program Files (x86)\SilverCrest DMTS2017 Driver\MouClient_FD2.exe[3660] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                       000000007585a2fd 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe[3208] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                 000000007585a2fd 1 byte [62]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[3760] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                                                                   0000000075838791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[3760] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                          000000007585a2fd 1 byte [62]
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                            0000000077521360 5 bytes JMP 0000000077680460
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                     00000000775213b0 5 bytes JMP 0000000077680450
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                     0000000077521510 5 bytes JMP 0000000077680370
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                          0000000077521560 5 bytes JMP 0000000077680470
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                0000000077521570 5 bytes JMP 00000000776803e0
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                     0000000077521620 5 bytes JMP 0000000077680320
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                              0000000077521650 5 bytes JMP 00000000776803b0
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                 0000000077521670 5 bytes JMP 0000000077680390
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                       00000000775216b0 5 bytes JMP 00000000776802e0
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                     0000000077521730 5 bytes JMP 00000000776802d0
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                   0000000077521750 5 bytes JMP 0000000077680310
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                    0000000077521790 5 bytes JMP 00000000776803c0
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                 00000000775217e0 5 bytes JMP 00000000776803f0
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                    0000000077521940 5 bytes JMP 0000000077680230
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                         0000000077521b00 5 bytes JMP 0000000077680480
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                        0000000077521b30 5 bytes JMP 00000000776803a0
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                 0000000077521c10 5 bytes JMP 00000000776802f0
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                              0000000077521c20 5 bytes JMP 0000000077680350
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                    0000000077521c80 5 bytes JMP 0000000077680290
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                 0000000077521d10 5 bytes JMP 00000000776802b0
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                  0000000077521d30 5 bytes JMP 00000000776803d0
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                     0000000077521d40 5 bytes JMP 0000000077680330
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                              0000000077521db0 5 bytes JMP 0000000077680410
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                 0000000077521de0 5 bytes JMP 0000000077680240
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                      00000000775220a0 5 bytes JMP 00000000776801e0
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                 0000000077522160 5 bytes JMP 0000000077680250
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                 0000000077522190 5 bytes JMP 0000000077680490
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                        00000000775221a0 5 bytes JMP 00000000776804a0
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                   00000000775221d0 5 bytes JMP 0000000077680300
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                00000000775221e0 5 bytes JMP 0000000077680360
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                      0000000077522240 5 bytes JMP 00000000776802a0
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                   0000000077522290 5 bytes JMP 00000000776802c0
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                      00000000775222c0 5 bytes JMP 0000000077680380
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                       00000000775222d0 5 bytes JMP 0000000077680340
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                00000000775225c0 5 bytes JMP 0000000077680440
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                               00000000775227c0 5 bytes JMP 0000000077680260
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                  00000000775227d0 5 bytes JMP 0000000077680270
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                00000000775227e0 5 bytes JMP 0000000077680400
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                            00000000775229a0 5 bytes JMP 00000000776801f0
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                             00000000775229b0 5 bytes JMP 0000000077680210
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                  0000000077522a20 5 bytes JMP 0000000077680200
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                  0000000077522a80 5 bytes JMP 0000000077680420
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                   0000000077522a90 5 bytes JMP 0000000077680430
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                              0000000077522aa0 5 bytes JMP 0000000077680220
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                      0000000077522b80 5 bytes JMP 0000000077680280
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                             0000000077521360 5 bytes JMP 0000000077680460
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                      00000000775213b0 5 bytes JMP 0000000077680450
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                      0000000077521510 5 bytes JMP 0000000077680370
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                           0000000077521560 5 bytes JMP 0000000077680470
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                 0000000077521570 5 bytes JMP 00000000776803e0
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                      0000000077521620 5 bytes JMP 0000000077680320
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                               0000000077521650 5 bytes JMP 00000000776803b0
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                  0000000077521670 5 bytes JMP 0000000077680390
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                        00000000775216b0 5 bytes JMP 00000000776802e0
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                      0000000077521730 5 bytes JMP 00000000776802d0
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                    0000000077521750 5 bytes JMP 0000000077680310
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                     0000000077521790 5 bytes JMP 00000000776803c0
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                  00000000775217e0 5 bytes JMP 00000000776803f0
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                     0000000077521940 5 bytes JMP 0000000077680230
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                          0000000077521b00 5 bytes JMP 0000000077680480
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                         0000000077521b30 5 bytes JMP 00000000776803a0
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                  0000000077521c10 5 bytes JMP 00000000776802f0
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                               0000000077521c20 5 bytes JMP 0000000077680350
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                     0000000077521c80 5 bytes JMP 0000000077680290
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                  0000000077521d10 5 bytes JMP 00000000776802b0
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                   0000000077521d30 5 bytes JMP 00000000776803d0
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                      0000000077521d40 5 bytes JMP 0000000077680330
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                               0000000077521db0 5 bytes JMP 0000000077680410
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                  0000000077521de0 5 bytes JMP 0000000077680240
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                       00000000775220a0 5 bytes JMP 00000000776801e0
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                  0000000077522160 5 bytes JMP 0000000077680250
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                  0000000077522190 5 bytes JMP 0000000077680490
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                         00000000775221a0 5 bytes JMP 00000000776804a0
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                    00000000775221d0 5 bytes JMP 0000000077680300
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                 00000000775221e0 5 bytes JMP 0000000077680360
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                       0000000077522240 5 bytes JMP 00000000776802a0
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                    0000000077522290 5 bytes JMP 00000000776802c0
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                       00000000775222c0 5 bytes JMP 0000000077680380
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                        00000000775222d0 5 bytes JMP 0000000077680340
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                 00000000775225c0 5 bytes JMP 0000000077680440
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                00000000775227c0 5 bytes JMP 0000000077680260
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                   00000000775227d0 5 bytes JMP 0000000077680270
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                 00000000775227e0 5 bytes JMP 0000000077680400
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                             00000000775229a0 5 bytes JMP 00000000776801f0
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                              00000000775229b0 5 bytes JMP 0000000077680210
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                   0000000077522a20 5 bytes JMP 0000000077680200
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                   0000000077522a80 5 bytes JMP 0000000077680420
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                    0000000077522a90 5 bytes JMP 0000000077680430
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                               0000000077522aa0 5 bytes JMP 0000000077680220
.text     C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                       0000000077522b80 5 bytes JMP 0000000077680280
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                0000000077521360 5 bytes JMP 0000000077680460
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                         00000000775213b0 5 bytes JMP 0000000077680450
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                         0000000077521510 5 bytes JMP 0000000077680370
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                              0000000077521560 5 bytes JMP 0000000077680470
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                    0000000077521570 5 bytes JMP 00000000776803e0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                         0000000077521620 5 bytes JMP 0000000077680320
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                  0000000077521650 5 bytes JMP 00000000776803b0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                     0000000077521670 5 bytes JMP 0000000077680390
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                           00000000775216b0 5 bytes JMP 00000000776802e0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                         0000000077521730 5 bytes JMP 00000000776802d0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                       0000000077521750 5 bytes JMP 0000000077680310
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                        0000000077521790 5 bytes JMP 00000000776803c0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                     00000000775217e0 5 bytes JMP 00000000776803f0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                        0000000077521940 5 bytes JMP 0000000077680230
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                             0000000077521b00 5 bytes JMP 0000000077680480
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                            0000000077521b30 5 bytes JMP 00000000776803a0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                     0000000077521c10 5 bytes JMP 00000000776802f0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                  0000000077521c20 5 bytes JMP 0000000077680350
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                        0000000077521c80 5 bytes JMP 0000000077680290
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                     0000000077521d10 5 bytes JMP 00000000776802b0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                      0000000077521d30 5 bytes JMP 00000000776803d0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                         0000000077521d40 5 bytes JMP 0000000077680330
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                  0000000077521db0 5 bytes JMP 0000000077680410
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                     0000000077521de0 5 bytes JMP 0000000077680240
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                          00000000775220a0 5 bytes JMP 00000000776801e0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                     0000000077522160 5 bytes JMP 0000000077680250
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                     0000000077522190 5 bytes JMP 0000000077680490
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                            00000000775221a0 5 bytes JMP 00000000776804a0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                       00000000775221d0 5 bytes JMP 0000000077680300
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                    00000000775221e0 5 bytes JMP 0000000077680360
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                          0000000077522240 5 bytes JMP 00000000776802a0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                       0000000077522290 5 bytes JMP 00000000776802c0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                          00000000775222c0 5 bytes JMP 0000000077680380
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                           00000000775222d0 5 bytes JMP 0000000077680340
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                    00000000775225c0 5 bytes JMP 0000000077680440
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                   00000000775227c0 5 bytes JMP 0000000077680260
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                      00000000775227d0 5 bytes JMP 0000000077680270
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                    00000000775227e0 5 bytes JMP 0000000077680400
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                00000000775229a0 5 bytes JMP 00000000776801f0
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                 00000000775229b0 5 bytes JMP 0000000077680210
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                      0000000077522a20 5 bytes JMP 0000000077680200
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                      0000000077522a80 5 bytes JMP 0000000077680420
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                       0000000077522a90 5 bytes JMP 0000000077680430
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                  0000000077522aa0 5 bytes JMP 0000000077680220
.text     C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                          0000000077522b80 5 bytes JMP 0000000077680280
.text     C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe[6060] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                  000000007585a2fd 1 byte [62]
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                       0000000077521360 5 bytes JMP 0000000077680460
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                00000000775213b0 5 bytes JMP 0000000077680450
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                0000000077521510 5 bytes JMP 0000000077680370
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                     0000000077521560 5 bytes JMP 0000000077680470
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                           0000000077521570 5 bytes JMP 00000000776803e0
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                0000000077521620 5 bytes JMP 0000000077680320
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                         0000000077521650 5 bytes JMP 00000000776803b0
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                            0000000077521670 5 bytes JMP 0000000077680390
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                  00000000775216b0 5 bytes JMP 00000000776802e0
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                0000000077521730 5 bytes JMP 00000000776802d0
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                              0000000077521750 5 bytes JMP 0000000077680310
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                               0000000077521790 5 bytes JMP 00000000776803c0
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                            00000000775217e0 5 bytes JMP 00000000776803f0
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                               0000000077521940 5 bytes JMP 0000000077680230
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                    0000000077521b00 5 bytes JMP 0000000077680480
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                   0000000077521b30 5 bytes JMP 00000000776803a0
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                            0000000077521c10 5 bytes JMP 00000000776802f0
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                         0000000077521c20 5 bytes JMP 0000000077680350
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                               0000000077521c80 5 bytes JMP 0000000077680290
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                            0000000077521d10 5 bytes JMP 00000000776802b0
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                             0000000077521d30 5 bytes JMP 00000000776803d0
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                0000000077521d40 5 bytes JMP 0000000077680330
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                         0000000077521db0 5 bytes JMP 0000000077680410
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                            0000000077521de0 5 bytes JMP 0000000077680240
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                 00000000775220a0 5 bytes JMP 00000000776801e0
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                            0000000077522160 5 bytes JMP 0000000077680250
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                            0000000077522190 5 bytes JMP 0000000077680490
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                   00000000775221a0 5 bytes JMP 00000000776804a0
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                              00000000775221d0 5 bytes JMP 0000000077680300
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                           00000000775221e0 5 bytes JMP 0000000077680360
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                 0000000077522240 5 bytes JMP 00000000776802a0
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                              0000000077522290 5 bytes JMP 00000000776802c0
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                 00000000775222c0 5 bytes JMP 0000000077680380
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                  00000000775222d0 5 bytes JMP 0000000077680340
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                           00000000775225c0 5 bytes JMP 0000000077680440
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                          00000000775227c0 5 bytes JMP 0000000077680260
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                             00000000775227d0 5 bytes JMP 0000000077680270
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                           00000000775227e0 5 bytes JMP 0000000077680400
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                       00000000775229a0 5 bytes JMP 00000000776801f0
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                        00000000775229b0 5 bytes JMP 0000000077680210
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                             0000000077522a20 5 bytes JMP 0000000077680200
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                             0000000077522a80 5 bytes JMP 0000000077680420
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                              0000000077522a90 5 bytes JMP 0000000077680430
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                         0000000077522aa0 5 bytes JMP 0000000077680220
.text     C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                 0000000077522b80 5 bytes JMP 0000000077680280
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5624] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                        000000007585a2fd 1 byte [62]
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                             0000000077521360 5 bytes JMP 0000000077680460
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                      00000000775213b0 5 bytes JMP 0000000077680450
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                      0000000077521510 5 bytes JMP 0000000077680370
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                           0000000077521560 5 bytes JMP 0000000077680470
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                 0000000077521570 5 bytes JMP 00000000776803e0
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                      0000000077521620 5 bytes JMP 0000000077680320
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                               0000000077521650 5 bytes JMP 00000000776803b0
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                  0000000077521670 5 bytes JMP 0000000077680390
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                        00000000775216b0 5 bytes JMP 00000000776802e0
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                      0000000077521730 5 bytes JMP 00000000776802d0
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                    0000000077521750 5 bytes JMP 0000000077680310
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                     0000000077521790 5 bytes JMP 00000000776803c0
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                  00000000775217e0 5 bytes JMP 00000000776803f0
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                     0000000077521940 5 bytes JMP 0000000077680230
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                          0000000077521b00 5 bytes JMP 0000000077680480
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                         0000000077521b30 5 bytes JMP 00000000776803a0
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                  0000000077521c10 5 bytes JMP 00000000776802f0
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                               0000000077521c20 5 bytes JMP 0000000077680350
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                     0000000077521c80 5 bytes JMP 0000000077680290
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                  0000000077521d10 5 bytes JMP 00000000776802b0
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                   0000000077521d30 5 bytes JMP 00000000776803d0
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                      0000000077521d40 5 bytes JMP 0000000077680330
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                               0000000077521db0 5 bytes JMP 0000000077680410
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                  0000000077521de0 5 bytes JMP 0000000077680240
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                       00000000775220a0 5 bytes JMP 00000000776801e0
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                  0000000077522160 5 bytes JMP 0000000077680250
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                  0000000077522190 5 bytes JMP 0000000077680490
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                         00000000775221a0 5 bytes JMP 00000000776804a0
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                    00000000775221d0 5 bytes JMP 0000000077680300
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                 00000000775221e0 5 bytes JMP 0000000077680360
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                       0000000077522240 5 bytes JMP 00000000776802a0
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                    0000000077522290 5 bytes JMP 00000000776802c0
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                       00000000775222c0 5 bytes JMP 0000000077680380
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                        00000000775222d0 5 bytes JMP 0000000077680340
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                 00000000775225c0 5 bytes JMP 0000000077680440
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                00000000775227c0 5 bytes JMP 0000000077680260
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                   00000000775227d0 5 bytes JMP 0000000077680270
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                 00000000775227e0 5 bytes JMP 0000000077680400
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                             00000000775229a0 5 bytes JMP 00000000776801f0
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                              00000000775229b0 5 bytes JMP 0000000077680210
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                   0000000077522a20 5 bytes JMP 0000000077680200
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                   0000000077522a80 5 bytes JMP 0000000077680420
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                    0000000077522a90 5 bytes JMP 0000000077680430
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                               0000000077522aa0 5 bytes JMP 0000000077680220
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                       0000000077522b80 5 bytes JMP 0000000077680280
.text     C:\Windows\System32\svchost.exe[3360] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                            000000007730ef8d 1 byte [62]
.text     C:\Windows\system32\taskhost.exe[6048] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                           000000007730ef8d 1 byte [62]
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                0000000077521360 5 bytes JMP 0000000077680460
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                         00000000775213b0 5 bytes JMP 0000000077680450
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                         0000000077521510 5 bytes JMP 0000000077680370
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                              0000000077521560 5 bytes JMP 0000000077680470
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                    0000000077521570 5 bytes JMP 00000000776803e0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                         0000000077521620 5 bytes JMP 0000000077680320
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                  0000000077521650 5 bytes JMP 00000000776803b0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                     0000000077521670 5 bytes JMP 0000000077680390
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                           00000000775216b0 5 bytes JMP 00000000776802e0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                         0000000077521730 5 bytes JMP 00000000776802d0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                       0000000077521750 5 bytes JMP 0000000077680310
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                        0000000077521790 5 bytes JMP 00000000776803c0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                     00000000775217e0 5 bytes JMP 00000000776803f0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                        0000000077521940 5 bytes JMP 0000000077680230
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                             0000000077521b00 5 bytes JMP 0000000077680480
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                            0000000077521b30 5 bytes JMP 00000000776803a0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                     0000000077521c10 5 bytes JMP 00000000776802f0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                  0000000077521c20 5 bytes JMP 0000000077680350
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                        0000000077521c80 5 bytes JMP 0000000077680290
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                     0000000077521d10 5 bytes JMP 00000000776802b0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                      0000000077521d30 5 bytes JMP 00000000776803d0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                         0000000077521d40 5 bytes JMP 0000000077680330
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                  0000000077521db0 5 bytes JMP 0000000077680410
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                     0000000077521de0 5 bytes JMP 0000000077680240
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                          00000000775220a0 5 bytes JMP 00000000776801e0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                     0000000077522160 5 bytes JMP 0000000077680250
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                     0000000077522190 5 bytes JMP 0000000077680490
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                            00000000775221a0 5 bytes JMP 00000000776804a0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                       00000000775221d0 5 bytes JMP 0000000077680300
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                    00000000775221e0 5 bytes JMP 0000000077680360
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                          0000000077522240 5 bytes JMP 00000000776802a0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                       0000000077522290 5 bytes JMP 00000000776802c0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                          00000000775222c0 5 bytes JMP 0000000077680380
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                           00000000775222d0 5 bytes JMP 0000000077680340
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                    00000000775225c0 5 bytes JMP 0000000077680440
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                   00000000775227c0 5 bytes JMP 0000000077680260
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                      00000000775227d0 5 bytes JMP 0000000077680270
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                    00000000775227e0 5 bytes JMP 0000000077680400
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                00000000775229a0 5 bytes JMP 00000000776801f0
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                 00000000775229b0 5 bytes JMP 0000000077680210
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                      0000000077522a20 5 bytes JMP 0000000077680200
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                      0000000077522a80 5 bytes JMP 0000000077680420
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                       0000000077522a90 5 bytes JMP 0000000077680430
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                  0000000077522aa0 5 bytes JMP 0000000077680220
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                          0000000077522b80 5 bytes JMP 0000000077680280
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                               000000007730ef8d 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe[6312] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                              000000007585a2fd 1 byte [62]
.text     C:\Users\XXXXX_2\Desktop\Gmer-19357.exe[7096] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                     000000007585a2fd 1 byte [62]
---- Processes - GMER 2.1 ----

Library   C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\Dropbox.exe [3192](2014-07-30 00:20:20)                                                0000000003fe0000
Library   c:\users\XXXXX_2\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpocq9c7.dll (*** suspicious ***) @ C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\Dropbox.exe [3192](2014-08-24 15:41:40)  0000000004660000
Library   C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\Dropbox.exe [3192](2013-08-23 19:01:44)                                                      000000005d550000
Library   C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\Dropbox.exe [3192] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42)                        0000000065130000

---- Files - GMER 2.1 ----

File      C:\Program Files (x86)\Secunia\PSI\SUA\running                                                                                                                                                                         0 bytes

---- EOF - GMER 2.1 ----
         
adwCleaner
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.308 - Bericht erstellt am 23/08/2014 um 18:39:10
# Aktualisiert 20/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : XXXXX_2 - XXXXXS-ACER
# Gestartet von : E:\Downloads\adwcleaner_3.308.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A704768447684&ts=1374655597&type=default&q={searchTerms}

*************************

AdwCleaner[R0].txt - [1327 octets] - [16/08/2014 13:09:41]
AdwCleaner[R1].txt - [5570 octets] - [23/08/2014 18:34:37]
AdwCleaner[S0].txt - [5375 octets] - [23/08/2014 18:39:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5435 octets] ##########
         
--- --- ---
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.308 - Bericht erstellt am 24/08/2014 um 10:27:55
# Aktualisiert 20/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : XXXXX_2 - XXXXXS-ACER
# Gestartet von : C:\Users\XXXXX_2\Downloads\adwcleaner_3.308.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A704768447684&ts=1374655597&type=default&q={searchTerms}

*************************

AdwCleaner[R0].txt - [1327 octets] - [16/08/2014 13:09:41]
AdwCleaner[R1].txt - [11029 octets] - [23/08/2014 18:34:37]
AdwCleaner[S0].txt - [11020 octets] - [23/08/2014 18:39:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11081 octets] ##########
         
--- --- ---

Alt 26.08.2014, 15:40   #7
schrauber
/// the machine
/// TB-Ausbilder
 

"plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett - Standard

"plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 26.08.2014, 17:49   #8
TinaW5
 
"plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett - Standard

"plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett



Malwarebytes brachte kein Ergebnis, das war gestern ja auch schon so.

JRT.txt:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by XXXXX_2 on 26.08.2014 at 18:22:54,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\classes\typelib\{006ad7b2-968a-11de-88c9-5bde55d89593}"



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\XXXXX_2\AppData\Roaming\mozilla\firefox\profiles\jozp0725.default\minidumps [4 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.08.2014 at 18:42:13,66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST.txt:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by XXXXX_2 (administrator) on XXXXXS-ACER on 26-08-2014 18:45:26
Running from C:\Users\XXXXX_2\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Corel, Inc.) C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
() C:\Programme\FeedReader30\feedreader.exe
(J3S GmbH) C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\SysWOW64\PSIService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files\Securepoint SSL VPN\SPOpenVPNService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Siliten) C:\Program Files (x86)\SilverCrest DMTS2017 Driver\KbClient_FD2.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Siliten) C:\Program Files (x86)\SilverCrest DMTS2017 Driver\MouClient_FD2.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Corel) C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe [483144 2007-08-17] (Corel, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM-x32\...\Run: [Launch SilverCrest DMTS2017-K] => C:\Program Files (x86)\SilverCrest DMTS2017 Driver\KbClient_FD2.exe [1218048 2010-06-28] (Siliten)
HKLM-x32\...\Run: [Launch SilverCrest DMTS2017-M] => C:\Program Files (x86)\SilverCrest DMTS2017 Driver\MouClient_FD2.exe [860672 2010-06-28] (Siliten)
HKLM-x32\...\Run: [Corel Photo Downloader] => "C:\Program Files (x86)\Corel\Corel MediaOne\Corel PhotoDownloader.exe" -startup
HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [95504 2007-08-02] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [Standby] => C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe [105632 2010-05-17] (Corel)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [COMPUTER BILD Account-Alarm] => \COMPUTER BILD Account-Alarm /tray
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-24] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [Google Update] => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-23] (Google Inc.)
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911040 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [COMPUTER BILD Account-Alarm] => C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe [2058752 2014-08-07] (J3S GmbH)
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {49193dcf-b7da-11e1-85a0-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {5b63bcb4-48dd-11e1-92be-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {61431bdb-2fe2-11e2-98ec-1c7508023576} - G:\Startme.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {90066f53-bc5d-11e0-9e2a-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {a733176c-bc55-11e0-ac53-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {da0ccac9-ccf1-11e1-8983-1c7508023576} - G:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.soapreichundschoen.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default
FF Homepage: chrome://speeddial/content/speeddial.xul
FF NetworkProxy: "backup.ftp", "76.73.26.77"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "76.73.26.77"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "76.73.26.77"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "76.73.26.77"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "76.73.26.77"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "76.73.26.77"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "76.73.26.77"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\youtubeunblocker@unblocker.yt [2014-06-20]
FF Extension: DownloadHelper - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-08-23]
FF Extension: DSL Soforthilfe - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{} [2014-07-23]
FF Extension: Video Downloader professional - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\ffext_basicvideoext@startpage24.xpi [2014-08-23]
FF Extension: Stealthy - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\stealthyextension@gmail.com.xpi [2011-11-20]
FF Extension: Free Hide IP - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\support@free-hideip.com.xpi [2013-04-09]
FF Extension: Tab Auto Reload - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\TabAutoReload@schuzak.jp.xpi [2012-07-20]
FF Extension: Speed Dial - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2011-08-10]
FF Extension: NoScript - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-01-14]
FF Extension: Adblock Plus - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-07]
FF Extension: {de5aeb72-ad84-429a-bc36-a15da06270bc} - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{de5aeb72-ad84-429a-bc36-a15da06270bc}.xpi [2013-11-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-05-10]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2012-08-02]
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Programme\Video Converter Ultimate\SVRFirefoxExt
FF Extension: Wondershare Video Converter Ultimate - C:\Programme\Video Converter Ultimate\SVRFirefoxExt [2014-02-07]
FF HKLM-x32\...\Firefox\Extensions: [{78ee576f-36ab-4371-a938-48cd78cd469e}] - C:\Program Files (x86)\Security Utility\securityutility.xpi
FF Extension: No Name - C:\Program Files (x86)\Security Utility\securityutility.xpi [2014-05-29]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-16]
FF HKCU\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Programme\Video Converter Ultimate\SVRFirefoxExt

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: qvo6
CHR DefaultSearchProvider: qvo6
CHR DefaultSearchURL: hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A704768447684&ts=1374655597&type=default&q={searchTerms}
CHR DefaultSuggestURL: 
CHR Plugin: (Shockwave Flash) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Freemake np-plugin for google chrome) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U35) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (TVU Web Player for FireFox) - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (WEB.DE MailCheck) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2013-07-11]
CHR Extension: (Google Wallet) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-24] (AVAST Software)
R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
S2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] () [File not signed]
U2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 Securepoint VPN; C:\Program Files\Securepoint SSL VPN\SPOpenVPNService.exe [198024 2012-11-01] ()
S2 SkypeUpdate; C:\Programme\skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]
S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-24] ()
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
U4 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-26] (Malwarebytes Corporation)
U3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
R2 NPF; C:\Windows\SysWOW64\drivers\npf.sys [50704 2010-03-22] (CACE Technologies, Inc.)
S1 PQNTDrv; C:\Windows\SysWow64\Drivers\PQNTDrv.sys [4228 2002-09-16] (PowerQuest Corporation) [File not signed]
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 wmvad_simple; C:\Windows\System32\drivers\wmvad.sys [23040 2010-12-10] (WonderMedia Technologies, Inc.)
R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
U3 fwloyuow; \??\C:\Users\XXXXX_2\AppData\Local\Temp\fwloyuow.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-26 18:42 - 2014-08-26 18:42 - 00000882 _____ () C:\Users\XXXXX_2\Desktop\JRT.txt
2014-08-26 18:22 - 2014-08-26 18:22 - 01016261 _____ (Thisisu) C:\Users\XXXXX_2\Desktop\JRT.exe
2014-08-25 17:33 - 2014-08-25 17:33 - 00007668 _____ () C:\Users\XXXXX_2\Desktop\GMER.rar
2014-08-25 17:10 - 2014-08-25 17:15 - 00346019 _____ () C:\Users\XXXXX_2\Desktop\GMER.txt
2014-08-25 16:49 - 2014-08-25 16:49 - 00380416 _____ () C:\Users\XXXXX_2\Desktop\Gmer-19357.exe
2014-08-25 16:45 - 2014-08-25 16:47 - 00054587 _____ () C:\Users\XXXXX_2\Desktop\Addition.txt
2014-08-25 16:44 - 2014-08-26 18:45 - 00028764 _____ () C:\Users\XXXXX_2\Desktop\FRST.txt
2014-08-25 16:44 - 2014-08-26 18:45 - 00000000 ____D () C:\FRST
2014-08-25 16:43 - 2014-08-25 16:43 - 02103296 _____ (Farbar) C:\Users\XXXXX_2\Desktop\FRST64.exe
2014-08-25 16:42 - 2014-08-25 16:43 - 00000478 _____ () C:\Users\XXXXX_2\Desktop\defogger_disable.log
2014-08-25 16:42 - 2014-08-25 16:42 - 00000000 _____ () C:\Users\XXXXX_2\defogger_reenable
2014-08-25 16:41 - 2014-08-25 16:41 - 00050477 _____ () C:\Users\XXXXX_2\Desktop\Defogger.exe
2014-08-24 18:03 - 2014-08-24 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-24 18:02 - 2014-08-24 18:02 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-24 10:46 - 2014-08-24 10:46 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-24 10:46 - 2014-08-24 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-24 10:45 - 2014-08-24 10:46 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-24 10:45 - 2014-08-24 10:45 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-24 10:45 - 2014-08-24 10:45 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-24 10:43 - 2014-08-24 10:43 - 01364531 _____ () C:\Users\XXXXX_2\Desktop\adwcleaner_3.308.exe
2014-08-24 10:26 - 2014-08-24 17:47 - 00002426 _____ () C:\Windows\SecuniaPackage.log
2014-08-24 10:24 - 2014-08-24 10:24 - 00000000 ____D () C:\ProgramData\Licenses
2014-08-24 10:23 - 2014-08-24 10:23 - 00001043 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-08-24 10:23 - 2014-08-24 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-08-24 10:23 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2014-08-24 10:22 - 2014-08-24 10:22 - 04095448 _____ (BrightFort LLC ) C:\Users\XXXXX_2\Downloads\spywareblastersetup50.exe
2014-08-24 10:16 - 2014-08-24 10:16 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-24 10:16 - 2014-08-24 10:16 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-24 10:16 - 2014-08-24 10:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-24 10:15 - 2014-08-24 10:15 - 01364531 _____ () C:\Users\XXXXX_2\Downloads\adwcleaner_3.308.exe
2014-08-24 10:14 - 2014-08-24 10:14 - 00244408 _____ () C:\Users\XXXXX_2\Downloads\FirefoxSetupStub31.0 (1).exe
2014-08-24 10:13 - 2014-08-24 10:14 - 00244408 _____ () C:\Users\XXXXX_2\Downloads\FirefoxSetupStub31.0.exe
2014-08-16 13:36 - 2014-08-16 13:36 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-08-16 13:36 - 2014-08-16 13:36 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-08-16 13:23 - 2014-08-24 10:23 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-08-16 13:20 - 2014-08-16 13:20 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\AVAST Software
2014-08-16 13:16 - 2014-08-16 13:16 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-16 13:09 - 2014-08-25 17:37 - 00000000 ____D () C:\AdwCleaner
2014-08-16 12:27 - 2014-08-16 13:16 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-16 12:18 - 2014-08-16 12:18 - 00001033 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-08-16 12:18 - 2014-08-16 12:18 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Local\Secunia PSI
2014-08-16 12:17 - 2014-08-16 12:17 - 05329480 _____ (Secunia) C:\Users\XXXXX_2\Desktop\PSISetup_3.0.0.9016.exe
2014-08-16 12:17 - 2014-08-16 12:17 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-08-16 12:10 - 2014-08-16 12:13 - 00002131 _____ () C:\DelFix.txt
2014-08-16 12:02 - 2014-08-16 12:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-16 12:02 - 2014-08-16 12:02 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-08-15 09:41 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-15 09:41 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-15 09:41 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-15 09:41 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 09:41 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 09:41 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 09:41 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 09:41 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 09:41 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 09:41 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 09:41 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 09:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-15 09:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-15 09:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-15 09:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-15 09:40 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-15 09:40 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-15 09:40 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-15 09:40 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-15 09:40 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-15 09:40 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-15 09:40 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-15 09:40 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-15 09:39 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 09:39 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 18:51 - 2014-08-16 12:10 - 00000000 ____D () C:\Windows\ERUNT
2014-08-14 16:13 - 2014-08-14 16:13 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-14 16:13 - 2014-08-14 16:13 - 00001094 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-14 16:07 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 16:07 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 16:05 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 16:05 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 16:05 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 16:05 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 16:05 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 16:05 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 16:05 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 16:05 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 16:05 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 16:05 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 16:05 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 16:05 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 16:05 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 16:05 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 16:05 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 16:05 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 16:05 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 16:05 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 16:05 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 16:05 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 16:05 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 16:05 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 16:05 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 16:05 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 16:05 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 16:05 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 16:05 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 16:05 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 16:05 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 16:05 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 16:05 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 16:05 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 16:04 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 16:04 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 16:04 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 16:04 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 16:04 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 16:04 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 16:04 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 16:04 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 16:04 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 16:04 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 16:04 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 16:04 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 16:04 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 16:04 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 16:04 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 16:04 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 16:04 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 16:04 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 16:04 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 16:04 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 16:04 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 16:04 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 16:04 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 16:04 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 16:03 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 16:03 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 15:58 - 2014-08-26 18:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 15:58 - 2014-08-14 15:58 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-14 15:58 - 2014-08-14 15:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-14 15:58 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-14 15:58 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-14 15:58 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-14 15:25 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 15:25 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 15:25 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 15:25 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 15:25 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 15:25 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 15:24 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 15:24 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 17:11 - 2014-08-24 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-13 17:11 - 2014-08-13 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-13 16:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-09 12:48 - 2014-08-09 12:48 - 00002617 _____ () C:\Users\Public\Desktop\COMPUTER BILD Account-Alarm.lnk
2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMPUTER BILD Account-Alarm
2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\Program Files (x86)\COMPUTER BILD Account-Alarm
2014-08-06 11:35 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-06 11:35 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-06 11:35 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-06 11:35 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-06 11:34 - 2014-08-06 11:35 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-05 19:30 - 2014-08-05 19:30 - 00000000 ____D () C:\Program Files (x86)\Security Utility
2014-08-05 19:12 - 2014-08-14 15:26 - 00001083 _____ () C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-02 10:21 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 10:21 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 10:21 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 10:21 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-02 10:20 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-02 10:20 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-02 10:19 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 10:19 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-02 10:19 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 10:19 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-26 18:46 - 2014-08-25 16:44 - 00028764 _____ () C:\Users\XXXXX_2\Desktop\FRST.txt
2014-08-26 18:45 - 2014-08-25 16:44 - 00000000 ____D () C:\FRST
2014-08-26 18:42 - 2014-08-26 18:42 - 00000882 _____ () C:\Users\XXXXX_2\Desktop\JRT.txt
2014-08-26 18:30 - 2011-08-16 18:33 - 00000000 ____D () C:\Users\XXXXX_2\Documents\Outlook-Dateien
2014-08-26 18:27 - 2012-04-15 18:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-26 18:22 - 2014-08-26 18:22 - 01016261 _____ (Thisisu) C:\Users\XXXXX_2\Desktop\JRT.exe
2014-08-26 18:17 - 2012-04-23 17:10 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-26 18:05 - 2014-08-14 15:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-26 18:05 - 2012-07-14 11:01 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002UA.job
2014-08-26 15:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-08-26 15:17 - 2012-04-23 17:10 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-26 10:05 - 2012-07-14 11:01 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002Core.job
2014-08-26 09:55 - 2010-09-26 08:46 - 01341666 _____ () C:\Windows\WindowsUpdate.log
2014-08-26 09:42 - 2010-09-26 18:37 - 00703230 _____ () C:\Windows\system32\perfh007.dat
2014-08-26 09:42 - 2010-09-26 18:37 - 00150838 _____ () C:\Windows\system32\perfc007.dat
2014-08-26 09:42 - 2009-07-14 07:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-25 17:37 - 2014-08-16 13:09 - 00000000 ____D () C:\AdwCleaner
2014-08-25 17:33 - 2014-08-25 17:33 - 00007668 _____ () C:\Users\XXXXX_2\Desktop\GMER.rar
2014-08-25 17:15 - 2014-08-25 17:10 - 00346019 _____ () C:\Users\XXXXX_2\Desktop\GMER.txt
2014-08-25 16:53 - 2014-06-09 20:09 - 00000000 ___RD () C:\Users\XXXXX_2\Dropbox
2014-08-25 16:49 - 2014-08-25 16:49 - 00380416 _____ () C:\Users\XXXXX_2\Desktop\Gmer-19357.exe
2014-08-25 16:47 - 2014-08-25 16:45 - 00054587 _____ () C:\Users\XXXXX_2\Desktop\Addition.txt
2014-08-25 16:45 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-25 16:45 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-25 16:43 - 2014-08-25 16:43 - 02103296 _____ (Farbar) C:\Users\XXXXX_2\Desktop\FRST64.exe
2014-08-25 16:43 - 2014-08-25 16:42 - 00000478 _____ () C:\Users\XXXXX_2\Desktop\defogger_disable.log
2014-08-25 16:42 - 2014-08-25 16:42 - 00000000 _____ () C:\Users\XXXXX_2\defogger_reenable
2014-08-25 16:42 - 2011-08-08 17:07 - 00000000 ____D () C:\Users\XXXXX_2
2014-08-25 16:41 - 2014-08-25 16:41 - 00050477 _____ () C:\Users\XXXXX_2\Desktop\Defogger.exe
2014-08-25 16:34 - 2012-04-15 18:19 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-25 16:34 - 2012-04-15 18:19 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-25 16:34 - 2011-08-01 17:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-24 18:03 - 2014-08-24 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-24 18:03 - 2012-02-22 14:56 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-08-24 18:02 - 2014-08-24 18:02 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-24 17:47 - 2014-08-24 10:26 - 00002426 _____ () C:\Windows\SecuniaPackage.log
2014-08-24 17:41 - 2013-07-27 10:17 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\Dropbox
2014-08-24 17:40 - 2012-07-21 14:16 - 00196608 _____ () C:\Windows\system32\Ikeext.etl
2014-08-24 17:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-24 17:39 - 2009-07-14 06:51 - 00179046 _____ () C:\Windows\setupact.log
2014-08-24 17:39 - 2009-07-14 06:45 - 00480072 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-24 17:38 - 2010-09-26 08:43 - 00773620 _____ () C:\Windows\PFRO.log
2014-08-24 12:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-24 10:46 - 2014-08-24 10:46 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-24 10:46 - 2014-08-24 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-24 10:46 - 2014-08-24 10:45 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-24 10:45 - 2014-08-24 10:45 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-24 10:45 - 2014-08-24 10:45 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-24 10:43 - 2014-08-24 10:43 - 01364531 _____ () C:\Users\XXXXX_2\Desktop\adwcleaner_3.308.exe
2014-08-24 10:37 - 2012-06-07 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-24 10:32 - 2012-09-12 13:11 - 00000000 ___RD () C:\Users\XXXXX_2\Mediencenter
2014-08-24 10:32 - 2011-08-01 13:58 - 00002679 _____ () C:\Windows\wininit.ini
2014-08-24 10:25 - 2013-01-18 12:47 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-24 10:24 - 2014-08-24 10:24 - 00000000 ____D () C:\ProgramData\Licenses
2014-08-24 10:23 - 2014-08-24 10:23 - 00001043 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-08-24 10:23 - 2014-08-24 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-08-24 10:23 - 2014-08-16 13:23 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-08-24 10:22 - 2014-08-24 10:22 - 04095448 _____ (BrightFort LLC ) C:\Users\XXXXX_2\Downloads\spywareblastersetup50.exe
2014-08-24 10:16 - 2014-08-24 10:16 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-24 10:16 - 2014-08-24 10:16 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-24 10:16 - 2014-08-24 10:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-24 10:16 - 2014-05-10 09:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-24 10:15 - 2014-08-24 10:15 - 01364531 _____ () C:\Users\XXXXX_2\Downloads\adwcleaner_3.308.exe
2014-08-24 10:14 - 2014-08-24 10:14 - 00244408 _____ () C:\Users\XXXXX_2\Downloads\FirefoxSetupStub31.0 (1).exe
2014-08-24 10:14 - 2014-08-24 10:13 - 00244408 _____ () C:\Users\XXXXX_2\Downloads\FirefoxSetupStub31.0.exe
2014-08-24 10:01 - 2014-08-13 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-24 10:01 - 2014-06-09 20:07 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-24 10:01 - 2014-04-20 17:28 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\Feedreader
2014-08-24 10:01 - 2011-11-24 17:26 - 00000000 ____D () C:\Windows\system32\Macromed
2014-08-24 10:01 - 2011-08-01 11:55 - 00000000 ___HD () C:\Users\XXXXX
2014-08-24 10:01 - 2010-09-06 13:36 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-08-24 10:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-08-24 10:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-08-24 09:59 - 2011-08-07 13:26 - 00000000 ____D () C:\Programme
2014-08-16 13:36 - 2014-08-16 13:36 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-08-16 13:36 - 2014-08-16 13:36 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-08-16 13:20 - 2014-08-16 13:20 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\AVAST Software
2014-08-16 13:16 - 2014-08-16 13:16 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-16 13:16 - 2014-08-16 12:27 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-16 12:18 - 2014-08-16 12:18 - 00001033 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-08-16 12:18 - 2014-08-16 12:18 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Local\Secunia PSI
2014-08-16 12:17 - 2014-08-16 12:17 - 05329480 _____ (Secunia) C:\Users\XXXXX_2\Desktop\PSISetup_3.0.0.9016.exe
2014-08-16 12:17 - 2014-08-16 12:17 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-08-16 12:13 - 2014-08-16 12:10 - 00002131 _____ () C:\DelFix.txt
2014-08-16 12:10 - 2014-08-14 18:51 - 00000000 ____D () C:\Windows\ERUNT
2014-08-16 12:02 - 2014-08-16 12:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-16 12:02 - 2014-08-16 12:02 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-08-16 12:02 - 2010-09-06 13:35 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-16 12:02 - 2010-09-06 13:35 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-16 11:45 - 2011-08-08 15:46 - 00000000 ____D () C:\Program Files (x86)\BILDmobil
2014-08-16 11:44 - 2011-08-11 09:24 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\uTorrent
2014-08-16 11:41 - 2011-10-13 21:15 - 00000000 ____D () C:\ProgramData\Avira
2014-08-16 11:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 20:26 - 2013-01-22 18:16 - 00002367 _____ () C:\Users\XXXXX_2\Desktop\Google Chrome.lnk
2014-08-15 13:48 - 2011-08-27 09:11 - 00000000 ____D () C:\Temp
2014-08-15 13:43 - 2011-08-02 08:43 - 00000000 ____D () C:\Program Files\ConTEXT
2014-08-14 18:25 - 2013-01-18 12:36 - 00000000 ____D () C:\ProgramData\InstallMate
2014-08-14 16:13 - 2014-08-14 16:13 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-14 16:13 - 2014-08-14 16:13 - 00001094 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-14 16:13 - 2014-01-28 18:56 - 00001315 _____ () C:\Windows\system32\TeamViewer9_Hooks.log
2014-08-14 15:58 - 2014-08-14 15:58 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-14 15:58 - 2014-08-14 15:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-14 15:54 - 2014-06-09 20:09 - 00001026 _____ () C:\Users\XXXXX_2\Desktop\Dropbox.lnk
2014-08-14 15:39 - 2013-08-17 09:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 15:31 - 2011-08-02 08:54 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 15:30 - 2011-08-16 18:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 15:26 - 2014-08-05 19:12 - 00001083 _____ () C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-14 15:16 - 2012-05-22 20:24 - 00000021 _____ () C:\Users\XXXXX_2\AppData\Local\mc.pixel.data
2014-08-14 15:09 - 2011-08-12 18:01 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\IrfanView
2014-08-14 15:08 - 2013-03-15 09:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-14 15:08 - 2013-03-15 09:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-14 15:08 - 2010-09-06 13:28 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-14 15:07 - 2011-08-01 13:58 - 00000000 ___HD () C:\Users\XXXXX\AppData\Roaming\Mozilla
2014-08-13 17:11 - 2014-08-13 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-11 10:57 - 2011-08-26 19:38 - 00000000 ____D () C:\Users\XXXXX_2\dwhelper
2014-08-09 12:48 - 2014-08-09 12:48 - 00002617 _____ () C:\Users\Public\Desktop\COMPUTER BILD Account-Alarm.lnk
2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMPUTER BILD Account-Alarm
2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\Program Files (x86)\COMPUTER BILD Account-Alarm
2014-08-06 11:37 - 2014-04-19 19:30 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-06 11:35 - 2014-08-06 11:34 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-06 11:35 - 2011-08-01 14:04 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-05 19:30 - 2014-08-05 19:30 - 00000000 ____D () C:\Program Files (x86)\Security Utility
2014-08-05 09:20 - 2011-08-02 18:06 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-01 01:41 - 2014-08-14 16:04 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-14 16:05 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

Some content of TEMP:
====================
C:\Users\XXXXX_2\AppData\Local\Temp\avgnt.exe
C:\Users\XXXXX_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpocq9c7.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 11:34

==================== End Of Log ============================
         
--- --- ---

Alt 27.08.2014, 14:19   #9
schrauber
/// the machine
/// TB-Ausbilder
 

"plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett - Standard

"plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett



Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen


Hier ist vor allem das Zurücksetzen wichtig.



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 28.08.2014, 19:12   #10
TinaW5
 
"plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett - Standard

"plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett



Hallo,

das Problem ist inzwischen nicht mehr da. Dafür schon mal vielen Dank.

Hier nun die Logfiles.

ESET - log.txt
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=eb97444b9376274e9154990fa56057fb
# engine=19882
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-08-28 04:51:34
# local_time=2014-08-28 06:51:34 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 349979 375037 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 205117 160874544 0 0
# scanned=351991
# found=2
# cleaned=0
# scan_time=21208
sh=320F08D77850B765EF27CD217381C03EB0EFB190 ft=0 fh=0000000000000000 vn="möglicherweise Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\10506d5e.msi"
         
Security-Check - checkup.txt:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 SpywareBlaster 5.0    
 Secunia PSI (3.0.0.9016)   
 Java 7 Update 67  
 Adobe Flash Player 14.0.0.179  
 Adobe Reader XI  
 Mozilla Firefox (31.0) 
 Google Chrome 36.0.1985.125  
 Google Chrome 36.0.1985.143  
````````Process Check: objlist.exe by Laurent````````  
 ESET ESET Online Scanner OnlineScannerApp.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by XXXXX_2 (administrator) on XXXXXS-ACER on 28-08-2014 20:06:25
Running from C:\Users\XXXXX_2\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
() C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\SysWOW64\PSIService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
() C:\Program Files\Securepoint SSL VPN\SPOpenVPNService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Corel, Inc.) C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(J3S GmbH) C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Siliten) C:\Program Files (x86)\SilverCrest DMTS2017 Driver\KbClient_FD2.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Siliten) C:\Program Files (x86)\SilverCrest DMTS2017 Driver\MouClient_FD2.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dropbox, Inc.) C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA) F:\R+S Homepage\WS_FTP95.exe
(ConTEXT Project Ltd) C:\Program Files\ConTEXT\ConTEXT.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
() C:\Users\XXXXX_2\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Corel) C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe [483144 2007-08-17] (Corel, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM-x32\...\Run: [Launch SilverCrest DMTS2017-K] => C:\Program Files (x86)\SilverCrest DMTS2017 Driver\KbClient_FD2.exe [1218048 2010-06-28] (Siliten)
HKLM-x32\...\Run: [Launch SilverCrest DMTS2017-M] => C:\Program Files (x86)\SilverCrest DMTS2017 Driver\MouClient_FD2.exe [860672 2010-06-28] (Siliten)
HKLM-x32\...\Run: [Corel Photo Downloader] => "C:\Program Files (x86)\Corel\Corel MediaOne\Corel PhotoDownloader.exe" -startup
HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [95504 2007-08-02] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [Standby] => C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe [105632 2010-05-17] (Corel)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [COMPUTER BILD Account-Alarm] => \COMPUTER BILD Account-Alarm /tray
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-24] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [Google Update] => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-23] (Google Inc.)
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911040 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [COMPUTER BILD Account-Alarm] => C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe [2058752 2014-08-07] (J3S GmbH)
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {49193dcf-b7da-11e1-85a0-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {5b63bcb4-48dd-11e1-92be-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {61431bdb-2fe2-11e2-98ec-1c7508023576} - G:\Startme.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {90066f53-bc5d-11e0-9e2a-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {a733176c-bc55-11e0-ac53-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {da0ccac9-ccf1-11e1-8983-1c7508023576} - G:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.soapreichundschoen.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\l3fhdhg7.default
FF Homepage: chrome://speeddial/content/speeddial.xul
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\l3fhdhg7.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-08-28]
FF Extension: Speed Dial - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\l3fhdhg7.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-08-28]
FF Extension: NoScript - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\l3fhdhg7.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-08-28]
FF Extension: Adblock Plus - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\l3fhdhg7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-28]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: qvo6
CHR DefaultSearchProvider: qvo6
CHR DefaultSearchURL: hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A704768447684&ts=1374655597&type=default&q={searchTerms}
CHR DefaultSuggestURL: 
CHR Plugin: (Shockwave Flash) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Freemake np-plugin for google chrome) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U35) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (TVU Web Player for FireFox) - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (WEB.DE MailCheck) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2013-07-11]
CHR Extension: (Google Wallet) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-24] (AVAST Software)
R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] () [File not signed]
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 Securepoint VPN; C:\Program Files\Securepoint SSL VPN\SPOpenVPNService.exe [198024 2012-11-01] ()
S2 SkypeUpdate; C:\Programme\skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]
S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-24] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-24] ()
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-27] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
R2 NPF; C:\Windows\SysWOW64\drivers\npf.sys [50704 2010-03-22] (CACE Technologies, Inc.)
S1 PQNTDrv; C:\Windows\SysWow64\Drivers\PQNTDrv.sys [4228 2002-09-16] (PowerQuest Corporation) [File not signed]
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 wmvad_simple; C:\Windows\System32\drivers\wmvad.sys [23040 2010-12-10] (WonderMedia Technologies, Inc.)
R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-28 19:58 - 2014-08-28 19:58 - 00854417 _____ () C:\Users\XXXXX_2\Desktop\SecurityCheck.exe
2014-08-28 12:55 - 2014-08-28 12:55 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-28 12:54 - 2014-08-28 12:54 - 02347384 _____ (ESET) C:\Users\XXXXX_2\Downloads\esetsmartinstaller_deu.exe
2014-08-28 12:36 - 2014-08-28 12:36 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-28 12:36 - 2014-08-28 12:36 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-28 12:36 - 2014-08-28 12:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-28 12:36 - 2014-08-28 12:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-28 12:01 - 2014-08-28 12:01 - 00000000 ____D () C:\Users\XXXXX_2\Desktop\Alte Firefox-Daten
2014-08-28 11:45 - 2014-08-28 11:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\XXXXX_2\Desktop\revosetup95.exe
2014-08-28 11:45 - 2014-08-28 11:45 - 00001228 _____ () C:\Users\XXXXX_2\Desktop\Revo Uninstaller.lnk
2014-08-28 11:45 - 2014-08-28 11:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-26 22:13 - 2014-08-26 22:13 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu
2014-08-26 22:13 - 2014-08-26 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP7200 series
2014-08-26 22:10 - 2014-08-26 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP7200 series Benutzerregistrierung
2014-08-26 22:09 - 2014-08-26 22:09 - 00000000 ____D () C:\Windows\SysWOW64\STRING
2014-08-26 22:08 - 2014-08-27 07:10 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-08-26 21:59 - 2014-08-26 21:59 - 00000000 ___HD () C:\ProgramData\CanonIJEGV
2014-08-26 18:42 - 2014-08-26 18:42 - 00000882 _____ () C:\Users\XXXXX_2\Desktop\JRT.txt
2014-08-26 18:22 - 2014-08-26 18:22 - 01016261 _____ (Thisisu) C:\Users\XXXXX_2\Desktop\JRT.exe
2014-08-25 17:33 - 2014-08-25 17:33 - 00007668 _____ () C:\Users\XXXXX_2\Desktop\GMER.rar
2014-08-25 17:10 - 2014-08-25 17:15 - 00346019 _____ () C:\Users\XXXXX_2\Desktop\GMER.txt
2014-08-25 16:49 - 2014-08-25 16:49 - 00380416 _____ () C:\Users\XXXXX_2\Desktop\Gmer-19357.exe
2014-08-25 16:45 - 2014-08-25 16:47 - 00054587 _____ () C:\Users\XXXXX_2\Desktop\Addition.txt
2014-08-25 16:44 - 2014-08-28 20:06 - 00025462 _____ () C:\Users\XXXXX_2\Desktop\FRST.txt
2014-08-25 16:44 - 2014-08-28 20:06 - 00000000 ____D () C:\FRST
2014-08-25 16:43 - 2014-08-25 16:43 - 02103296 _____ (Farbar) C:\Users\XXXXX_2\Desktop\FRST64.exe
2014-08-25 16:42 - 2014-08-25 16:43 - 00000478 _____ () C:\Users\XXXXX_2\Desktop\defogger_disable.log
2014-08-25 16:42 - 2014-08-25 16:42 - 00000000 _____ () C:\Users\XXXXX_2\defogger_reenable
2014-08-25 16:41 - 2014-08-25 16:41 - 00050477 _____ () C:\Users\XXXXX_2\Desktop\Defogger.exe
2014-08-24 18:03 - 2014-08-24 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-24 18:02 - 2014-08-24 18:02 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-24 10:46 - 2014-08-24 10:46 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-24 10:46 - 2014-08-24 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-24 10:45 - 2014-08-28 12:20 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-24 10:45 - 2014-08-24 10:46 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-24 10:45 - 2014-08-24 10:45 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-24 10:45 - 2014-08-24 10:45 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-24 10:43 - 2014-08-24 10:43 - 01364531 _____ () C:\Users\XXXXX_2\Desktop\adwcleaner_3.308.exe
2014-08-24 10:26 - 2014-08-24 17:47 - 00002426 _____ () C:\Windows\SecuniaPackage.log
2014-08-24 10:24 - 2014-08-24 10:24 - 00000000 ____D () C:\ProgramData\Licenses
2014-08-24 10:23 - 2014-08-24 10:23 - 00001043 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-08-24 10:23 - 2014-08-24 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-08-24 10:23 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2014-08-24 10:22 - 2014-08-24 10:22 - 04095448 _____ (BrightFort LLC ) C:\Users\XXXXX_2\Downloads\spywareblastersetup50.exe
2014-08-24 10:15 - 2014-08-24 10:15 - 01364531 _____ () C:\Users\XXXXX_2\Downloads\adwcleaner_3.308.exe
2014-08-24 10:14 - 2014-08-24 10:14 - 00244408 _____ () C:\Users\XXXXX_2\Downloads\FirefoxSetupStub31.0 (1).exe
2014-08-24 10:13 - 2014-08-24 10:14 - 00244408 _____ () C:\Users\XXXXX_2\Downloads\FirefoxSetupStub31.0.exe
2014-08-16 13:36 - 2014-08-16 13:36 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-08-16 13:36 - 2014-08-16 13:36 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-08-16 13:23 - 2014-08-24 10:23 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-08-16 13:20 - 2014-08-16 13:20 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\AVAST Software
2014-08-16 13:16 - 2014-08-16 13:16 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-16 13:09 - 2014-08-25 17:37 - 00000000 ____D () C:\AdwCleaner
2014-08-16 12:27 - 2014-08-16 13:16 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-16 12:18 - 2014-08-16 12:18 - 00001033 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-08-16 12:18 - 2014-08-16 12:18 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Local\Secunia PSI
2014-08-16 12:17 - 2014-08-16 12:17 - 05329480 _____ (Secunia) C:\Users\XXXXX_2\Desktop\PSISetup_3.0.0.9016.exe
2014-08-16 12:17 - 2014-08-16 12:17 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-08-16 12:10 - 2014-08-16 12:13 - 00002131 _____ () C:\DelFix.txt
2014-08-16 12:02 - 2014-08-16 12:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-16 12:02 - 2014-08-16 12:02 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-08-15 09:41 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-15 09:41 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-15 09:41 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-15 09:41 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 09:41 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 09:41 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 09:41 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 09:41 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 09:41 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 09:41 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 09:41 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 09:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-15 09:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-15 09:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-15 09:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-15 09:40 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-15 09:40 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-15 09:40 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-15 09:40 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-15 09:40 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-15 09:40 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-15 09:40 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-15 09:40 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-15 09:39 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 09:39 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 18:51 - 2014-08-16 12:10 - 00000000 ____D () C:\Windows\ERUNT
2014-08-14 16:13 - 2014-08-14 16:13 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-14 16:13 - 2014-08-14 16:13 - 00001094 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-14 16:07 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 16:07 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 16:05 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 16:05 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 16:05 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 16:05 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 16:05 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 16:05 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 16:05 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 16:05 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 16:05 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 16:05 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 16:05 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 16:05 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 16:05 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 16:05 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 16:05 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 16:05 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 16:05 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 16:05 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 16:05 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 16:05 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 16:05 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 16:05 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 16:05 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 16:05 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 16:05 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 16:05 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 16:05 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 16:05 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 16:05 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 16:05 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 16:05 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 16:05 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 16:04 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 16:04 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 16:04 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 16:04 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 16:04 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 16:04 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 16:04 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 16:04 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 16:04 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 16:04 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 16:04 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 16:04 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 16:04 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 16:04 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 16:04 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 16:04 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 16:04 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 16:04 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 16:04 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 16:04 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 16:04 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 16:04 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 16:04 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 16:04 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 16:03 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 16:03 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 15:58 - 2014-08-27 21:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 15:58 - 2014-08-14 15:58 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-14 15:58 - 2014-08-14 15:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-14 15:58 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-14 15:58 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-14 15:58 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-14 15:25 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 15:25 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 15:25 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 15:25 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 15:25 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 15:25 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 15:24 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 15:24 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 17:11 - 2014-08-24 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-13 17:11 - 2014-08-13 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-13 16:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-09 12:48 - 2014-08-09 12:48 - 00002617 _____ () C:\Users\Public\Desktop\COMPUTER BILD Account-Alarm.lnk
2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMPUTER BILD Account-Alarm
2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\Program Files (x86)\COMPUTER BILD Account-Alarm
2014-08-06 11:35 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-06 11:35 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-06 11:35 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-06 11:35 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-06 11:34 - 2014-08-06 11:35 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-05 19:30 - 2014-08-05 19:30 - 00000000 ____D () C:\Program Files (x86)\Security Utility
2014-08-02 10:21 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 10:21 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 10:21 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 10:21 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-02 10:20 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-02 10:20 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-02 10:19 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 10:19 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-02 10:19 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 10:19 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-28 20:07 - 2014-08-25 16:44 - 00025462 _____ () C:\Users\XXXXX_2\Desktop\FRST.txt
2014-08-28 20:06 - 2014-08-25 16:44 - 00000000 ____D () C:\FRST
2014-08-28 20:05 - 2012-07-14 11:01 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002UA.job
2014-08-28 19:58 - 2014-08-28 19:58 - 00854417 _____ () C:\Users\XXXXX_2\Desktop\SecurityCheck.exe
2014-08-28 19:40 - 2011-08-16 18:33 - 00000000 ____D () C:\Users\XXXXX_2\Documents\Outlook-Dateien
2014-08-28 19:27 - 2012-04-15 18:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-28 19:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-08-28 19:17 - 2012-04-23 17:10 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-28 16:08 - 2010-09-26 08:46 - 01448644 _____ () C:\Windows\WindowsUpdate.log
2014-08-28 15:17 - 2012-04-23 17:10 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-28 12:55 - 2014-08-28 12:55 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-28 12:54 - 2014-08-28 12:54 - 02347384 _____ (ESET) C:\Users\XXXXX_2\Downloads\esetsmartinstaller_deu.exe
2014-08-28 12:36 - 2014-08-28 12:36 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-28 12:36 - 2014-08-28 12:36 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-28 12:36 - 2014-08-28 12:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-28 12:36 - 2014-08-28 12:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-28 12:27 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-28 12:27 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-28 12:20 - 2014-08-24 10:45 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-28 12:20 - 2014-06-09 20:09 - 00000000 ___RD () C:\Users\XXXXX_2\Dropbox
2014-08-28 12:19 - 2013-07-27 10:17 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\Dropbox
2014-08-28 12:17 - 2012-07-21 14:16 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-08-28 12:17 - 2011-08-08 17:07 - 00000000 ____D () C:\Users\XXXXX_2
2014-08-28 12:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-28 12:17 - 2009-07-14 06:51 - 00179158 _____ () C:\Windows\setupact.log
2014-08-28 12:17 - 2009-07-14 06:45 - 00480072 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 12:15 - 2011-08-01 11:55 - 00000000 ___HD () C:\Users\XXXXX
2014-08-28 12:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-08-28 12:01 - 2014-08-28 12:01 - 00000000 ____D () C:\Users\XXXXX_2\Desktop\Alte Firefox-Daten
2014-08-28 11:45 - 2014-08-28 11:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\XXXXX_2\Desktop\revosetup95.exe
2014-08-28 11:45 - 2014-08-28 11:45 - 00001228 _____ () C:\Users\XXXXX_2\Desktop\Revo Uninstaller.lnk
2014-08-28 11:45 - 2014-08-28 11:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-28 10:05 - 2012-07-14 11:01 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002Core.job
2014-08-28 09:40 - 2010-09-26 18:37 - 00703230 _____ () C:\Windows\system32\perfh007.dat
2014-08-28 09:40 - 2010-09-26 18:37 - 00150838 _____ () C:\Windows\system32\perfc007.dat
2014-08-28 09:40 - 2009-07-14 07:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-27 21:18 - 2014-08-14 15:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-27 07:10 - 2014-08-26 22:08 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-08-26 22:13 - 2014-08-26 22:13 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu
2014-08-26 22:13 - 2014-08-26 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP7200 series
2014-08-26 22:13 - 2011-08-16 13:44 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-08-26 22:10 - 2014-08-26 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP7200 series Benutzerregistrierung
2014-08-26 22:09 - 2014-08-26 22:09 - 00000000 ____D () C:\Windows\SysWOW64\STRING
2014-08-26 21:59 - 2014-08-26 21:59 - 00000000 ___HD () C:\ProgramData\CanonIJEGV
2014-08-26 18:42 - 2014-08-26 18:42 - 00000882 _____ () C:\Users\XXXXX_2\Desktop\JRT.txt
2014-08-26 18:22 - 2014-08-26 18:22 - 01016261 _____ (Thisisu) C:\Users\XXXXX_2\Desktop\JRT.exe
2014-08-25 17:37 - 2014-08-16 13:09 - 00000000 ____D () C:\AdwCleaner
2014-08-25 17:33 - 2014-08-25 17:33 - 00007668 _____ () C:\Users\XXXXX_2\Desktop\GMER.rar
2014-08-25 17:15 - 2014-08-25 17:10 - 00346019 _____ () C:\Users\XXXXX_2\Desktop\GMER.txt
2014-08-25 16:49 - 2014-08-25 16:49 - 00380416 _____ () C:\Users\XXXXX_2\Desktop\Gmer-19357.exe
2014-08-25 16:47 - 2014-08-25 16:45 - 00054587 _____ () C:\Users\XXXXX_2\Desktop\Addition.txt
2014-08-25 16:43 - 2014-08-25 16:43 - 02103296 _____ (Farbar) C:\Users\XXXXX_2\Desktop\FRST64.exe
2014-08-25 16:43 - 2014-08-25 16:42 - 00000478 _____ () C:\Users\XXXXX_2\Desktop\defogger_disable.log
2014-08-25 16:42 - 2014-08-25 16:42 - 00000000 _____ () C:\Users\XXXXX_2\defogger_reenable
2014-08-25 16:41 - 2014-08-25 16:41 - 00050477 _____ () C:\Users\XXXXX_2\Desktop\Defogger.exe
2014-08-25 16:34 - 2012-04-15 18:19 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-25 16:34 - 2012-04-15 18:19 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-25 16:34 - 2011-08-01 17:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-24 18:03 - 2014-08-24 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-24 18:03 - 2012-02-22 14:56 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-08-24 18:02 - 2014-08-24 18:02 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-24 17:47 - 2014-08-24 10:26 - 00002426 _____ () C:\Windows\SecuniaPackage.log
2014-08-24 17:38 - 2010-09-26 08:43 - 00773620 _____ () C:\Windows\PFRO.log
2014-08-24 12:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-24 10:46 - 2014-08-24 10:46 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-24 10:46 - 2014-08-24 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-24 10:46 - 2014-08-24 10:45 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-24 10:45 - 2014-08-24 10:45 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-24 10:45 - 2014-08-24 10:45 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-24 10:43 - 2014-08-24 10:43 - 01364531 _____ () C:\Users\XXXXX_2\Desktop\adwcleaner_3.308.exe
2014-08-24 10:37 - 2012-06-07 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-24 10:32 - 2012-09-12 13:11 - 00000000 ___RD () C:\Users\XXXXX_2\Mediencenter
2014-08-24 10:32 - 2011-08-01 13:58 - 00002679 _____ () C:\Windows\wininit.ini
2014-08-24 10:25 - 2013-01-18 12:47 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-24 10:24 - 2014-08-24 10:24 - 00000000 ____D () C:\ProgramData\Licenses
2014-08-24 10:23 - 2014-08-24 10:23 - 00001043 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-08-24 10:23 - 2014-08-24 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-08-24 10:23 - 2014-08-16 13:23 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-08-24 10:22 - 2014-08-24 10:22 - 04095448 _____ (BrightFort LLC ) C:\Users\XXXXX_2\Downloads\spywareblastersetup50.exe
2014-08-24 10:15 - 2014-08-24 10:15 - 01364531 _____ () C:\Users\XXXXX_2\Downloads\adwcleaner_3.308.exe
2014-08-24 10:14 - 2014-08-24 10:14 - 00244408 _____ () C:\Users\XXXXX_2\Downloads\FirefoxSetupStub31.0 (1).exe
2014-08-24 10:14 - 2014-08-24 10:13 - 00244408 _____ () C:\Users\XXXXX_2\Downloads\FirefoxSetupStub31.0.exe
2014-08-24 10:01 - 2014-08-13 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-24 10:01 - 2014-06-09 20:07 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-24 10:01 - 2014-04-20 17:28 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\Feedreader
2014-08-24 10:01 - 2011-11-24 17:26 - 00000000 ____D () C:\Windows\system32\Macromed
2014-08-24 10:01 - 2010-09-06 13:36 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-08-24 10:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-08-24 09:59 - 2011-08-07 13:26 - 00000000 ____D () C:\Programme
2014-08-16 13:36 - 2014-08-16 13:36 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-08-16 13:36 - 2014-08-16 13:36 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-08-16 13:20 - 2014-08-16 13:20 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\AVAST Software
2014-08-16 13:16 - 2014-08-16 13:16 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-16 13:16 - 2014-08-16 12:27 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-16 12:18 - 2014-08-16 12:18 - 00001033 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-08-16 12:18 - 2014-08-16 12:18 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Local\Secunia PSI
2014-08-16 12:17 - 2014-08-16 12:17 - 05329480 _____ (Secunia) C:\Users\XXXXX_2\Desktop\PSISetup_3.0.0.9016.exe
2014-08-16 12:17 - 2014-08-16 12:17 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-08-16 12:13 - 2014-08-16 12:10 - 00002131 _____ () C:\DelFix.txt
2014-08-16 12:10 - 2014-08-14 18:51 - 00000000 ____D () C:\Windows\ERUNT
2014-08-16 12:02 - 2014-08-16 12:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-16 12:02 - 2014-08-16 12:02 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-08-16 12:02 - 2010-09-06 13:35 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-16 12:02 - 2010-09-06 13:35 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-16 11:45 - 2011-08-08 15:46 - 00000000 ____D () C:\Program Files (x86)\BILDmobil
2014-08-16 11:44 - 2011-08-11 09:24 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\uTorrent
2014-08-16 11:41 - 2011-10-13 21:15 - 00000000 ____D () C:\ProgramData\Avira
2014-08-16 11:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 20:26 - 2013-01-22 18:16 - 00002367 _____ () C:\Users\XXXXX_2\Desktop\Google Chrome.lnk
2014-08-15 13:48 - 2011-08-27 09:11 - 00000000 ____D () C:\Temp
2014-08-15 13:43 - 2011-08-02 08:43 - 00000000 ____D () C:\Program Files\ConTEXT
2014-08-14 18:25 - 2013-01-18 12:36 - 00000000 ____D () C:\ProgramData\InstallMate
2014-08-14 16:13 - 2014-08-14 16:13 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-14 16:13 - 2014-08-14 16:13 - 00001094 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-14 16:13 - 2014-01-28 18:56 - 00001315 _____ () C:\Windows\system32\TeamViewer9_Hooks.log
2014-08-14 15:58 - 2014-08-14 15:58 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-14 15:58 - 2014-08-14 15:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-14 15:54 - 2014-06-09 20:09 - 00001026 _____ () C:\Users\XXXXX_2\Desktop\Dropbox.lnk
2014-08-14 15:39 - 2013-08-17 09:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 15:31 - 2011-08-02 08:54 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 15:30 - 2011-08-16 18:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 15:16 - 2012-05-22 20:24 - 00000021 _____ () C:\Users\XXXXX_2\AppData\Local\mc.pixel.data
2014-08-14 15:09 - 2011-08-12 18:01 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\IrfanView
2014-08-14 15:08 - 2013-03-15 09:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-14 15:08 - 2013-03-15 09:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-14 15:08 - 2010-09-06 13:28 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-14 15:07 - 2011-08-01 13:58 - 00000000 ___HD () C:\Users\XXXXX\AppData\Roaming\Mozilla
2014-08-13 17:11 - 2014-08-13 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-11 10:57 - 2011-08-26 19:38 - 00000000 ____D () C:\Users\XXXXX_2\dwhelper
2014-08-09 12:48 - 2014-08-09 12:48 - 00002617 _____ () C:\Users\Public\Desktop\COMPUTER BILD Account-Alarm.lnk
2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMPUTER BILD Account-Alarm
2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\Program Files (x86)\COMPUTER BILD Account-Alarm
2014-08-06 11:37 - 2014-04-19 19:30 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-06 11:35 - 2014-08-06 11:34 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-06 11:35 - 2011-08-01 14:04 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-05 19:30 - 2014-08-05 19:30 - 00000000 ____D () C:\Program Files (x86)\Security Utility
2014-08-05 09:20 - 2011-08-02 18:06 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-01 01:41 - 2014-08-14 16:04 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-14 16:05 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

Some content of TEMP:
====================
C:\Users\XXXXX_2\AppData\Local\Temp\avgnt.exe
C:\Users\XXXXX_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0yphtn.dll
C:\Users\XXXXX_2\AppData\Local\Temp\MSETUP4.EXE
C:\Users\XXXXX_2\AppData\Local\Temp\uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 22:14

==================== End Of Log ============================
         
--- --- ---

Alt 29.08.2014, 10:46   #11
schrauber
/// the machine
/// TB-Ausbilder
 

"plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett - Standard

"plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Windows\Installer\10506d5e.msi
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 29.08.2014, 16:42   #12
TinaW5
 
"plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett - Standard

"plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett



Hallo,

alles erledigt.
Die C:\Windows\Installer\10506d5e.msi wurde erfolgreich gelöscht. Den Logfile kann ich leider nicht mehr posten, weil ich die nicht in einem anderen Verzeichnis gesichert hatte, bevor Delfix aufgeräumt hat. Ich hatte aber vorher reingeschaut und gesehen, dass das Löschen geklappt hatte.

Die meisten Tipps hatte ich schon umgesetzt und auch schon einiges an Schutzsoftware laufen, WinPatrol, WOT und TFC habe ich nun noch ergänzt.

Ich danke für die Hilfe - das Topic kann dann geschlossen werden.

Alt 30.08.2014, 07:06   #13
schrauber
/// the machine
/// TB-Ausbilder
 

"plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett - Standard

"plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu "plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett
adobe flashplayer, adware, anlage, antivirus, avira, browser, cpu, device driver, dsl, dvdvideosoft ltd., error, firefox, flash player, free youtube downloader, ftp, funktioniert nicht mehr, google, home, homepage, iexplore.exe, launch, mozilla, popup, realtek, registry, rundll, scan, security, software, svchost.exe, system, windows



Ähnliche Themen: "plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett


  1. neuer PC auf einmal sehr langsam, Firefox-Meldungen "Skript beschäftigt oder antwortet nicht", "keine Rückmeldung"
    Plagegeister aller Art und deren Bekämpfung - 20.05.2015 (26)
  2. Nach Start "CDBurnerXP funktioniert nicht mehr"
    Alles rund um Windows - 25.12.2014 (8)
  3. "Windows Explorer funktioniert nicht mehr" stützt ständig ab was tun?
    Log-Analyse und Auswertung - 19.12.2014 (3)
  4. Erweiterung "Download Protect 2.2.0" im Firefox läßt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 13.04.2014 (7)
  5. "Internet Explorer funktioniert nicht mehr" schließt alles bis auf das Internet
    Plagegeister aller Art und deren Bekämpfung - 11.05.2013 (45)
  6. Firefox "Neuer Tab": mixidj.delta-search.com, lässt sich nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 27.04.2013 (24)
  7. Firefox "spinnt": IP anders, Routerzugriff verweigert! Opera funktioniert einwandfrei!
    Plagegeister aller Art und deren Bekämpfung - 30.04.2012 (1)
  8. Firefox / plugin-container.exe - Absturz/ adobe flash player --> Problem
    Plagegeister aller Art und deren Bekämpfung - 24.02.2012 (8)
  9. Jede Minute Popup: "winsynup.exe funktioniert nicht mehr"
    Plagegeister aller Art und deren Bekämpfung - 18.12.2011 (1)
  10. TR/Kazy.mekl.1 und Meldung "WTR Loader funktioniert nicht mehr"
    Log-Analyse und Auswertung - 07.05.2011 (23)
  11. TR/Kazy.mekl.1 und Meldung "WTR Loader funktioniert nicht mehr"
    Log-Analyse und Auswertung - 02.05.2011 (21)
  12. Bei jedem PC-Start erscheint : "syncui funktioniert nicht mehr"
    Plagegeister aller Art und deren Bekämpfung - 29.01.2011 (6)
  13. Trojaner Problem: "Windows Explorer funktioniert nicht mehr"
    Plagegeister aller Art und deren Bekämpfung - 20.07.2010 (13)
  14. Mc Afee HTML UI Container funktioniert nicht mehr
    Antiviren-, Firewall- und andere Schutzprogramme - 20.01.2010 (1)
  15. Vista : Antiviren-Programme "funktioniert nicht mehr"
    Antiviren-, Firewall- und andere Schutzprogramme - 28.12.2009 (1)
  16. Firefox hat hat "google redirect Problem" & Desktophintergrund läßt sich nicht ändern
    Log-Analyse und Auswertung - 09.05.2009 (1)
  17. "Internet Explorer funktioniert nicht mehr" Hilfe...:(
    Plagegeister aller Art und deren Bekämpfung - 07.01.2008 (7)

Zum Thema "plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett - Firefox schließt sich, wenn ich irgendwo ein Flashvideo anklicke. Es kommt die Fehlermeldung "plugin container for firefox funktioniert nicht mehr". Deinstallation von Firefox und Neuinstallation hat nicht geholfen. Adobe Flashplayer - "plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett...
Archiv
Du betrachtest: "plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.