
Log analysis and evaluation: Win7, caught Search Protect + istasurf

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

11.09.2014, 16:34   #1
V0rt3X
 
Hello everyone.
Unfortunately, as described in the description, I have caught the annoying Search Protect with istasurf and, after hours of searching, I am getting nowhere. So I am now turning to you and hope to get help here.

11.09.2014, 16:37   #2
schrauber
 

Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

11.09.2014, 16:44   #3
V0rt3X
 
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:06 on 11/09/2014 (Cronix)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Cronix (administrator) on REAVOR on 11-09-2014 17:11:28
Running from C:\Users\Cronix\Desktop\Tools
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) D:\Programme\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
() C:\Program Files (x86)\SupTab\HpUI.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\SupTab\Loader64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\SupTab\Loader32.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Elaborate Bytes AG) D:\Programme\VirtualCloneDrive\VCDDaemon.exe
(AVAST Software) D:\Programme\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Google Inc.) C:\Users\Cronix\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cronix\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cronix\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cronix\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cronix\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cronix\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cronix\AppData\Local\Google\Update\GoogleUpdate.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NVRaidService] => C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [291944 2010-04-09] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [6900024 2012-07-24] (Logitech Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => D:\Programme\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AvastUI.exe] => D:\Programme\Avast\AvastUI.exe [4085896 2014-08-02] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1561155398-30386077-217878308-1001\...\Run: [Google Update] => C:\Users\Cronix\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-04-02] (Google Inc.)
HKU\S-1-5-21-1561155398-30386077-217878308-1001\...\MountPoints2: {99061929-d9f1-11e3-b68b-00044b1991c3} - F:\AutoRun.exe
HKU\S-1-5-21-1561155398-30386077-217878308-1001\...\MountPoints2: {9906193c-d9f1-11e3-b68b-00044b1991c3} - F:\AutoRun.exe
HKU\S-1-5-21-1561155398-30386077-217878308-1001\...\MountPoints2: {b884a9ad-29f2-11e2-adc8-00044b1991c3} - G:\setup.exe
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Programme\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4AF9E940FBBDCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms}
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.pu-results.info/?l=1&q={searchTerms}&pid=726&r=2013/04/02&hid=258517195&lg=EN&cc=DE
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms}
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.pu-results.info/?l=1&q={searchTerms}&pid=726&r=2013/04/02&hid=258517195&lg=EN&cc=DE
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Programme\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Programme\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Winsock: Catalog9 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9-x64 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Tcpip\Parameters: [DhcpNameServer] 192.168.72.40

FireFox:
========
FF ProfilePath: C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default
FF NewTab: hxxp://www.istartsurf.com/newtab/?type=nt&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C
FF DefaultSearchEngine: istartsurf
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF SelectedSearchEngine: istartsurf
FF Homepage: hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C
FF Keyword.URL: hxxp://websearch.pu-results.info/?pid=726&r=2013/04/02&hid=258517195&lg=EN&cc=DE&l=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> D:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Cronix\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Cronix\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\searchplugins\WebSearch.xml
FF Extension: Browse2save - C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\Extensions\dzdo@fxhb.net [2013-04-02]
FF Extension: Fast Start - C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\Extensions\faststartff@gmail.com [2014-09-06]
FF Extension: {{EXT_NAME}} - C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\Extensions\jid1-sNL73VCI4UB0Fw@jetpack [2014-09-10]
FF Extension: Lavasoft Search Plugin - C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-04-02]
FF Extension: SearCyhi-aNeowaTAbb - C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\Extensions\rdveyy@tau.com [2013-04-02]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-11-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Programme\Avast\WebRep\FF
FF Extension: avast! Online Security - D:\Programme\Avast\WebRep\FF [2012-12-06]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com
FF Extension: No Name - C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\herman.thorne45@outlook.com [Not Found]
FF StartMenuInternet: FIREFOX.EXE - D:\Programme\Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C

Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "https://www.google.de/webhp?sourceid=chrome-instant&rlz=1C1GTPM_deDE530DE530&ion=1&espv=2&ie=UTF-8"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Winamp Application Detector) - D:\Programme\Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CHR Plugin: (Google Update) - C:\Users\Cronix\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (VLC Web Plugin) - D:\Programme\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Profile: C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-02]
CHR Extension: (Google Drive) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-02]
CHR Extension: (Google-Suche) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-02]
CHR Extension: (Logitech SetPoint) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-04-02]
CHR Extension: (Cut the Rope) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2013-04-02]
CHR Extension: (Fruity Annie) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbacnfobpliffdmiickfhceamljbcnjf [2013-04-02]
CHR Extension: (lipakennkogpodadpikgipnogamhklmk) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipakennkogpodadpikgipnogamhklmk [2014-09-10]
CHR Extension: (Google Wallet) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Google Mail) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-02]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx []
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-11-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Programme\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; D:\Programme\Avast\AvastSvc.exe [50344 2014-07-08] (AVAST Software)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-09-06] (Cherished Technololgy LIMITED)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-08] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-04-02] (GFI Software)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [61088 2012-03-15] (SEIKO EPSON CORPORATION)
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 17:11 - 2014-09-11 17:11 - 00000000 ____D () C:\FRST
2014-09-11 16:59 - 2014-09-11 17:11 - 00000000 ____D () C:\Users\Cronix\Desktop\Tools
2014-09-11 03:00 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 03:00 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 03:00 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 03:00 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 03:00 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 03:00 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 03:00 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 03:00 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 03:00 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 03:00 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 03:00 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 03:00 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 03:00 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 03:00 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 03:00 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 03:00 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 03:00 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 03:00 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 03:00 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 03:00 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 03:00 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 03:00 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 03:00 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 03:00 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 03:00 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 03:00 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 03:00 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 03:00 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 03:00 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 03:00 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 03:00 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 03:00 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 03:00 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 03:00 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 03:00 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 03:00 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 03:00 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 03:00 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 03:00 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 03:00 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 03:00 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 03:00 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 03:00 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 03:00 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 03:00 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 03:00 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 03:00 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 03:00 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 03:00 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 03:00 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 03:00 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 03:00 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 03:00 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 03:00 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 03:00 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 03:00 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 23:11 - 2014-09-11 03:44 - 00000000 ____D () C:\Windows\rescache
2014-09-10 21:34 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 21:34 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-09 20:28 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-09 20:28 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-09 20:25 - 2014-09-09 20:25 - 00000000 ____D () C:\Users\Cronix\Downloads\06.09.2014 Muna Party 1
2014-09-09 20:23 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-09 20:23 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-09 20:17 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-09 20:17 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-09 20:17 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-09 20:17 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-09 20:17 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-09 20:17 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-09 20:17 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-09 20:06 - 2014-09-09 20:06 - 00000000 ____D () C:\Users\Cronix\Downloads\06.09.2014 Muna Party 2
2014-09-09 19:52 - 2014-09-09 19:52 - 00003148 _____ () C:\Windows\System32\Tasks\{38F96F6E-C465-43B4-9558-C378A02AFAFE}
2014-09-06 09:03 - 2014-09-11 03:08 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-09-06 09:03 - 2014-09-09 19:51 - 00000000 ____D () C:\Program Files (x86)\Browsers Apps -
2014-09-06 09:03 - 2014-09-06 09:03 - 00000000 ____D () C:\Users\Cronix\AppData\Local\globalUpdate
2014-09-06 09:01 - 2014-09-09 20:01 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-09-06 09:01 - 2014-09-06 09:02 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-09-06 09:01 - 2014-09-06 09:02 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-09-06 09:01 - 2014-09-06 09:01 - 00000000 ____D () C:\Users\Cronix\Documents\My Cheat Tables
2014-08-27 21:41 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 21:41 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 21:41 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 18:38 - 2014-08-22 18:38 - 00001123 _____ () C:\Users\Cronix\Desktop\Amazon Music.lnk
2014-08-20 21:56 - 2014-08-20 21:56 - 00004728 _____ () C:\Users\Cronix\Desktop\Flitze Feuerzahn.m3u
2014-08-18 20:53 - 2014-08-18 20:53 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-18 20:53 - 2014-08-18 20:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-18 20:53 - 2014-08-18 20:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-18 20:53 - 2014-08-18 20:53 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-18 20:53 - 2014-08-18 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-14 21:35 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 21:35 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 21:35 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 21:35 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 21:35 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 21:35 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 21:35 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 21:35 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 21:32 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 21:32 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 21:32 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 21:32 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 21:32 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 21:32 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 21:32 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 21:32 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 21:32 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 21:32 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 21:32 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 21:32 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 21:27 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 21:27 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 21:27 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 21:27 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 21:27 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 21:27 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 21:27 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 21:27 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 21:27 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 21:27 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 21:26 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 21:26 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 21:24 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 21:24 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 17:11 - 2014-09-11 17:11 - 00000000 ____D () C:\FRST
2014-09-11 17:11 - 2014-09-11 16:59 - 00000000 ____D () C:\Users\Cronix\Desktop\Tools
2014-09-11 17:11 - 2013-04-02 20:15 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1561155398-30386077-217878308-1001UA.job
2014-09-11 17:11 - 2013-04-02 20:15 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1561155398-30386077-217878308-1001Core.job
2014-09-11 16:59 - 2012-12-19 18:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-11 16:49 - 2009-07-14 06:45 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-11 16:49 - 2009-07-14 06:45 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-11 16:44 - 2012-11-08 23:31 - 01928355 _____ () C:\Windows\WindowsUpdate.log
2014-09-11 16:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-11 16:41 - 2012-11-08 23:40 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-11 16:41 - 2009-07-14 06:51 - 00025983 _____ () C:\Windows\setupact.log
2014-09-11 08:47 - 2012-11-09 17:17 - 00000000 ____D () C:\Users\Cronix\AppData\Roaming\vlc
2014-09-11 03:44 - 2014-09-10 23:11 - 00000000 ____D () C:\Windows\rescache
2014-09-11 03:08 - 2014-09-06 09:03 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-09-10 21:38 - 2013-04-02 18:07 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 21:38 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-09-10 21:38 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-09-10 21:38 - 2009-07-14 07:13 - 01593956 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 21:37 - 2013-08-16 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 21:35 - 2012-11-09 01:22 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 21:34 - 2014-05-07 17:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-09 20:25 - 2014-09-09 20:25 - 00000000 ____D () C:\Users\Cronix\Downloads\06.09.2014 Muna Party 1
2014-09-09 20:06 - 2014-09-09 20:06 - 00000000 ____D () C:\Users\Cronix\Downloads\06.09.2014 Muna Party 2
2014-09-09 20:01 - 2014-09-06 09:01 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-09-09 19:53 - 2012-11-08 23:53 - 00000720 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-09 19:53 - 2012-11-08 23:36 - 00001409 _____ () C:\Users\Cronix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-09 19:52 - 2014-09-09 19:52 - 00003148 _____ () C:\Windows\System32\Tasks\{38F96F6E-C465-43B4-9558-C378A02AFAFE}
2014-09-09 19:51 - 2014-09-06 09:03 - 00000000 ____D () C:\Program Files (x86)\Browsers Apps -
2014-09-06 09:23 - 2012-11-08 23:43 - 00372428 _____ () C:\Windows\PFRO.log
2014-09-06 09:03 - 2014-09-06 09:03 - 00000000 ____D () C:\Users\Cronix\AppData\Local\globalUpdate
2014-09-06 09:03 - 2012-12-14 18:34 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-06 09:02 - 2014-09-06 09:01 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-09-06 09:02 - 2014-09-06 09:01 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-09-06 09:01 - 2014-09-06 09:01 - 00000000 ____D () C:\Users\Cronix\Documents\My Cheat Tables
2014-09-06 09:00 - 2012-11-15 22:29 - 00000000 ____D () C:\Windows\pss
2014-09-05 06:05 - 2014-03-05 18:10 - 00000000 ____D () C:\Users\Cronix\AppData\Local\Battle.net
2014-09-05 04:10 - 2014-09-09 20:17 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-09 20:17 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-04 19:54 - 2012-12-06 17:02 - 00004144 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-28 03:16 - 2009-07-14 06:45 - 00294680 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 04:07 - 2014-08-27 21:41 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-27 21:41 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-27 21:41 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 18:38 - 2014-08-22 18:38 - 00001123 _____ () C:\Users\Cronix\Desktop\Amazon Music.lnk
2014-08-20 21:56 - 2014-08-20 21:56 - 00004728 _____ () C:\Users\Cronix\Desktop\Flitze Feuerzahn.m3u
2014-08-19 20:05 - 2014-09-11 03:00 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-11 03:00 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 01:01 - 2014-09-11 03:00 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-11 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-11 03:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-11 03:00 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-11 03:00 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-11 03:00 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-11 03:00 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-11 03:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-11 03:00 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-11 03:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-11 03:00 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:08 - 2014-09-11 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-11 03:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:05 - 2014-09-11 03:00 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-11 03:00 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-11 03:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-11 03:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-11 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-11 03:00 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-11 03:00 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-11 03:00 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-11 03:00 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-11 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-11 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-11 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-11 03:00 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-11 03:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-11 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-11 03:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-11 03:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-11 03:00 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-11 03:00 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-11 03:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-11 03:00 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-11 03:00 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-11 03:00 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-11 03:00 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-11 03:00 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:23 - 2014-09-11 03:00 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 23:22 - 2014-09-11 03:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-11 03:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-11 03:00 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-11 03:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-11 03:00 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-11 03:00 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-11 03:00 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-11 03:00 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-11 03:00 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-11 03:00 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-11 03:00 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-11 03:00 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-11 03:00 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 22:38 - 2014-09-11 03:00 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-09-11 03:00 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-18 20:53 - 2014-08-18 20:53 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-18 20:53 - 2014-08-18 20:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-18 20:53 - 2014-08-18 20:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-18 20:53 - 2014-08-18 20:53 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-18 20:53 - 2014-08-18 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-18 20:48 - 2014-04-15 23:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-16 17:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

Some content of TEMP:
====================
C:\Users\Cronix\AppData\Local\Temp\AskSLib.dll
C:\Users\Cronix\AppData\Local\Temp\ce3dead0-68a2-4a82-8530-dc91ebf30aa6.exe
C:\Users\Cronix\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Cronix\AppData\Local\Temp\drm_dyndata_7380009.dll
C:\Users\Cronix\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\Cronix\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Cronix\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Cronix\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Cronix\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Cronix\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Cronix\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Cronix\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Cronix\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Cronix\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Cronix\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Cronix\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Cronix\AppData\Local\Temp\nvStInst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-07 21:23

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by Cronix at 2014-09-11 17:12:06
Running from C:\Users\Cronix\Desktop\Tools
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.2.0.591 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version:  - Ubisoft)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDBurnerXP (HKLM-x32\...\{909A791A-DBB0-432F-BC0E-D0C81925E340}) (Version: 4.5.3.4746 - Canneverbe Limited)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse)
Day of Defeat (HKLM-x32\...\Steam App 30) (Version:  - Valve)
Deathmatch Classic (HKLM-x32\...\Steam App 40) (Version:  - Valve)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson Netzwerkhandbuch WF-2530 Series (HKLM-x32\...\WF-2530 Series Netg) (Version:  - )
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2530 Series Printer Uninstall (HKLM\...\EPSON WF-2530 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Free YouTube to MP3 Converter version 3.12.35.514 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.35.514 - DVDVideoSoft Ltd.)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
Half-Life: Blue Shift (HKLM-x32\...\Steam App 130) (Version:  - Gearbox)
Half-Life: Opposing Force (HKLM-x32\...\Steam App 50) (Version:  - Gearbox)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
K-Lite Mega Codec Pack 9.6.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.6.5 - )
Logitech Gaming Software (Version: 8.35.18 - Logitech Inc.) Hidden
Logitech Gaming Software 8.35 (HKLM\...\Logitech Gaming Software) (Version: 8.35.18 - Logitech Inc.)
Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
MotoGP™13 (HKLM-x32\...\Steam App 240600) (Version:  - Milestone S.r.l.)
Mozilla Firefox 16.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 16.0.2 (x86 de)) (Version: 16.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 17.0 - Mozilla)
Mozilla Thunderbird 17.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0 (x86 de)) (Version: 17.0 - Mozilla)
Mozilla Thunderbird 17.0.2 (x86 de) (HKCU\...\Mozilla Thunderbird 17.0.2 (x86 de)) (Version: 17.0.2 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (Version: 1.00.7316 - NVIDIA Corporation) Hidden
NVIDIA Grafiktreiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden
NVIDIA MediaShield (HKLM-x32\...\{CC452A50-5C87-4A1F-B295-445C3C69BF7D}) (Version: 11.1.0.43 - NVIDIA Corporation)
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Ricochet (HKLM-x32\...\Steam App 60) (Version:  - Valve)
Software Updater (HKLM-x32\...\{A737E18A-5171-40D0-8034-7DD243420081}) (Version: 4.1.1 - SEIKO EPSON CORPORATION)
SUPER © v2013.build.56+Recorder (2013/07/07) Version v2013.buil (HKLM-x32\...\{8F3A1F92-C29F-4DF9-8459-B739A4831C69}_is1) (Version: v2013.build.56+Recorder - eRightSoft)
TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TP-LINK TL-WN821N_WN822N Treiber (HKLM-x32\...\{62FE0726-9652-4CD2-9F09-C769D8699C21}) (Version: 1.2.1 - TP-LINK)
TP-LINK-Konfigurationstool (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.2.1 - TP-LINK)
tRoX's CS Script Pack v2.0 (HKLM-x32\...\tRoX's CS Script Pack v2.0) (Version:  - )
Uplay (HKLM-x32\...\Uplay) (Version: 4.0 - Ubisoft)
USB Storage Driver (HKLM-x32\...\GENEUIDE) (Version:  - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1561155398-30386077-217878308-1001_Classes\CLSID\{1fa91feb-062d-48df-9a63-be54ab6d9e40}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1561155398-30386077-217878308-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Cronix\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1561155398-30386077-217878308-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Cronix\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1561155398-30386077-217878308-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Cronix\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1561155398-30386077-217878308-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Cronix\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

11-09-2014 01:47:27 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1E1C11AC-A595-4631-99F0-1BAFCF765393} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1561155398-30386077-217878308-1001UA => C:\Users\Cronix\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-02] (Google Inc.)
Task: {39D14073-A5DA-45AC-AB9B-A54888E14334} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1561155398-30386077-217878308-1001Core => C:\Users\Cronix\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-02] (Google Inc.)
Task: {901B8695-71C2-4CFF-ADCF-3A2E04CF8D25} - System32\Tasks\elbyExecuteWithUAC => D:\Programme\CloneDVD2\ExecuteWithUAC.exe
Task: {9A23D046-C350-4263-832D-18CAC014B2D5} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {9F3DD7E8-3A3A-4C0C-8710-7C22D499FBD6} - System32\Tasks\avast! Emergency Update => D:\Programme\Avast\AvastEmUpdate.exe [2014-07-08] (AVAST Software)
Task: {B3E81F77-CFD2-4AF9-B9CF-E777FD31E3CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {E150D9F7-B900-4A14-BE97-2A663829AD64} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1561155398-30386077-217878308-1001Core.job => C:\Users\Cronix\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1561155398-30386077-217878308-1001UA.job => C:\Users\Cronix\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-11-08 23:39 - 2013-03-15 06:16 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-21 12:33 - 2014-09-06 09:01 - 00106376 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll
2014-08-21 12:32 - 2014-09-06 09:01 - 00733576 _____ () C:\Program Files (x86)\SupTab\HpUI.exe
2014-07-16 10:55 - 2014-07-16 10:55 - 00073216 _____ () C:\Program Files (x86)\SupTab\Loader64.exe
2014-07-16 11:16 - 2014-07-16 11:16 - 00064000 _____ () C:\Program Files (x86)\SupTab\Loader32.exe
2009-08-10 17:01 - 2009-08-10 17:01 - 00626208 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2009-08-10 17:00 - 2009-08-10 17:00 - 00070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2009-08-10 17:01 - 2009-08-10 17:01 - 00578592 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2009-08-10 17:01 - 2009-08-10 17:01 - 00206880 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2014-07-08 13:40 - 2014-07-08 13:40 - 00301152 _____ () D:\Programme\Avast\aswProperty.dll
2014-09-10 21:31 - 2014-09-10 21:31 - 02847744 _____ () D:\Programme\Avast\defs\14091000\algo.dll
2014-09-11 16:42 - 2014-09-11 16:42 - 02862592 _____ () D:\Programme\Avast\defs\14091100\algo.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-21 12:33 - 2014-09-06 09:01 - 00023944 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll
2014-07-08 13:40 - 2014-07-08 13:40 - 19329904 _____ () D:\Programme\Avast\libcef.dll
2014-09-04 02:15 - 2014-08-30 04:49 - 01098056 _____ () C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-04 02:15 - 2014-08-30 04:49 - 00174408 _____ () C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-04 02:15 - 2014-08-30 04:49 - 08577864 _____ () C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-04 02:15 - 2014-08-30 04:49 - 00331592 _____ () C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-04 02:15 - 2014-08-30 04:49 - 01660232 _____ () C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
2014-09-04 02:15 - 2014-08-30 04:49 - 14669128 _____ () C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK-Konfigurationstool.lnk => C:\Windows\pss\TP-LINK-Konfigurationstool.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Cronix^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupfolder: C:^Users^Cronix^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Cronix^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Severe Weather Alerts App.lnk => C:\Windows\pss\Severe Weather Alerts App.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Cronix^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Severe Weather Alerts.lnk => C:\Windows\pss\Severe Weather Alerts.lnk.Startup
MSCONFIG\startupreg: Ad-Aware Antivirus => "D:\Programme\Adaware\AdAwareLauncher" --windows-run
MSCONFIG\startupreg: Ad-Aware Browsing Protection => "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\Cronix\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPLTarget => 
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Cronix\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "D:\Programme\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SDTray => "D:\Programme\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: WinampAgent => D:\Programme\Winamp\winampa.exe
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2014 11:05:33 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (09/07/2014 09:23:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (09/06/2014 09:03:14 AM) (Source: MsiInstaller) (EventID: 11309) (User: Reavor)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (09/04/2014 11:36:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (09/03/2014 08:39:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (09/02/2014 01:15:59 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (08/31/2014 09:20:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (08/27/2014 10:02:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (08/25/2014 08:50:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (08/25/2014 08:25:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.


System errors:
=============
Error: (09/11/2014 04:44:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (09/11/2014 04:44:05 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (09/11/2014 04:43:02 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/11/2014 04:41:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126

Error: (09/11/2014 03:40:32 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (09/11/2014 03:19:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (09/11/2014 03:19:35 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (09/11/2014 03:18:32 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/10/2014 09:59:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (09/10/2014 09:59:45 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (09/10/2014 11:05:33 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE

Error: (09/07/2014 09:23:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE

Error: (09/06/2014 09:03:14 AM) (Source: MsiInstaller) (EventID: 11309) (User: Reavor)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/04/2014 11:36:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE

Error: (09/03/2014 08:39:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE

Error: (09/02/2014 01:15:59 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE

Error: (08/31/2014 09:20:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE

Error: (08/27/2014 10:02:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE

Error: (08/25/2014 08:50:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE

Error: (08/25/2014 08:25:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz
Percentage of memory in use: 51%
Total physical RAM: 4094.54 MB
Available physical RAM: 1985.91 MB
Total Pagefile: 8187.26 MB
Available Pagefile: 5726.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.83 GB) (Free:4.71 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:416.92 GB) (Free:267.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 40B65AAB)
Partition 1: (Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=416.9 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
Unfortunately, the Gmer.txt is too large, so I can't post it directly.

11.09.2014, 17:42   #4
V0rt3X

Win7, caught Search Protect + istasurf



Here is the GMER log in 4 parts.
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-11 17:19:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005d SAMSUNG_ rev.1AA0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Cronix\AppData\Local\Temp\ufldrpob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                      0000000076ec1360 5 bytes JMP 0000000149e40460
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                               0000000076ec13b0 5 bytes JMP 0000000149e40450
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                               0000000076ec1510 5 bytes JMP 0000000149e40370
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                    0000000076ec1560 5 bytes JMP 0000000149e40470
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                          0000000076ec1570 5 bytes JMP 0000000149e403e0
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                               0000000076ec1620 5 bytes JMP 0000000149e40320
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                        0000000076ec1650 5 bytes JMP 0000000149e403b0
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                           0000000076ec1670 5 bytes JMP 0000000149e40390
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                 0000000076ec16b0 5 bytes JMP 0000000149e402e0
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                               0000000076ec1730 5 bytes JMP 0000000149e402d0
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                             0000000076ec1750 5 bytes JMP 0000000149e40310
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                              0000000076ec1790 5 bytes JMP 0000000149e403c0
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                           0000000076ec17e0 5 bytes JMP 0000000149e403f0
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                              0000000076ec1940 5 bytes JMP 0000000149e40230
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                   0000000076ec1b00 5 bytes JMP 0000000149e40480
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                  0000000076ec1b30 5 bytes JMP 0000000149e403a0
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                           0000000076ec1c10 5 bytes JMP 0000000149e402f0
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                        0000000076ec1c20 5 bytes JMP 0000000149e40350
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                              0000000076ec1c80 5 bytes JMP 0000000149e40290
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                           0000000076ec1d10 5 bytes JMP 0000000149e402b0
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                            0000000076ec1d30 5 bytes JMP 0000000149e403d0
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                               0000000076ec1d40 5 bytes JMP 0000000149e40330
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                        0000000076ec1db0 5 bytes JMP 0000000149e40410
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                           0000000076ec1de0 5 bytes JMP 0000000149e40240
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                0000000076ec20a0 5 bytes JMP 0000000149e401e0
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                           0000000076ec2160 5 bytes JMP 0000000149e40250
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                           0000000076ec2190 5 bytes JMP 0000000149e40490
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                  0000000076ec21a0 5 bytes JMP 0000000149e404a0
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                             0000000076ec21d0 5 bytes JMP 0000000149e40300
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                          0000000076ec21e0 5 bytes JMP 0000000149e40360
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                0000000076ec2240 5 bytes JMP 0000000149e402a0
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                             0000000076ec2290 5 bytes JMP 0000000149e402c0
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                0000000076ec22c0 5 bytes JMP 0000000149e40380
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                 0000000076ec22d0 5 bytes JMP 0000000149e40340
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                          0000000076ec25c0 5 bytes JMP 0000000149e40440
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                         0000000076ec27c0 5 bytes JMP 0000000149e40260
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                            0000000076ec27d0 5 bytes JMP 0000000149e40270
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                          0000000076ec27e0 5 bytes JMP 0000000149e40400
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                      0000000076ec29a0 5 bytes JMP 0000000149e401f0
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                       0000000076ec29b0 5 bytes JMP 0000000149e40210
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                            0000000076ec2a20 5 bytes JMP 0000000149e40200
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                            0000000076ec2a80 5 bytes JMP 0000000149e40420
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                             0000000076ec2a90 5 bytes JMP 0000000149e40430
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                        0000000076ec2aa0 5 bytes JMP 0000000149e40220
.text  C:\Windows\system32\csrss.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                0000000076ec2b80 5 bytes JMP 0000000149e40280
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                    0000000076ec1360 5 bytes JMP 0000000100040460
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                             0000000076ec13b0 5 bytes JMP 0000000100040450
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                             0000000076ec1510 5 bytes JMP 0000000100040370
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                  0000000076ec1560 5 bytes JMP 0000000100040470
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                        0000000076ec1570 5 bytes JMP 00000001000403e0
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                             0000000076ec1620 5 bytes JMP 0000000100040320
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                      0000000076ec1650 5 bytes JMP 00000001000403b0
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                         0000000076ec1670 5 bytes JMP 0000000100040390
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                               0000000076ec16b0 5 bytes JMP 00000001000402e0
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                             0000000076ec1730 5 bytes JMP 00000001000402d0
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                           0000000076ec1750 5 bytes JMP 0000000100040310
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                            0000000076ec1790 5 bytes JMP 00000001000403c0
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                         0000000076ec17e0 5 bytes JMP 00000001000403f0
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                            0000000076ec1940 5 bytes JMP 0000000100040230
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                 0000000076ec1b00 5 bytes JMP 0000000100040480
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                0000000076ec1b30 5 bytes JMP 00000001000403a0
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                         0000000076ec1c10 5 bytes JMP 00000001000402f0
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                      0000000076ec1c20 5 bytes JMP 0000000100040350
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                            0000000076ec1c80 5 bytes JMP 0000000100040290
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                         0000000076ec1d10 5 bytes JMP 00000001000402b0
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                          0000000076ec1d30 5 bytes JMP 00000001000403d0
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                             0000000076ec1d40 5 bytes JMP 0000000100040330
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                      0000000076ec1db0 5 bytes JMP 0000000100040410
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                         0000000076ec1de0 5 bytes JMP 0000000100040240
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                              0000000076ec20a0 5 bytes JMP 00000001000401e0
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                         0000000076ec2160 5 bytes JMP 0000000100040250
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                         0000000076ec2190 5 bytes JMP 0000000100040490
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                0000000076ec21a0 5 bytes JMP 00000001000404a0
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                           0000000076ec21d0 5 bytes JMP 0000000100040300
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                        0000000076ec21e0 5 bytes JMP 0000000100040360
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                              0000000076ec2240 5 bytes JMP 00000001000402a0
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                           0000000076ec2290 5 bytes JMP 00000001000402c0
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                              0000000076ec22c0 5 bytes JMP 0000000100040380
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                               0000000076ec22d0 5 bytes JMP 0000000100040340
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                        0000000076ec25c0 5 bytes JMP 0000000100040440
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                       0000000076ec27c0 5 bytes JMP 0000000100040260
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                          0000000076ec27d0 5 bytes JMP 0000000100040270
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                        0000000076ec27e0 5 bytes JMP 0000000100040400
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                    0000000076ec29a0 5 bytes JMP 00000001000401f0
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                     0000000076ec29b0 5 bytes JMP 0000000100040210
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                          0000000076ec2a20 5 bytes JMP 0000000100040200
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                          0000000076ec2a80 5 bytes JMP 0000000100040420
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                           0000000076ec2a90 5 bytes JMP 0000000100040430
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                      0000000076ec2aa0 5 bytes JMP 0000000100040220
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                              0000000076ec2b80 5 bytes JMP 0000000100040280
.text  C:\Windows\system32\wininit.exe[596] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                   0000000076daef8d 1 byte [62]
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                      0000000076ec1360 5 bytes JMP 0000000149e40460
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                               0000000076ec13b0 5 bytes JMP 0000000149e40450
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                               0000000076ec1510 5 bytes JMP 0000000149e40370
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                    0000000076ec1560 5 bytes JMP 0000000149e40470
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                          0000000076ec1570 5 bytes JMP 0000000149e403e0
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                               0000000076ec1620 5 bytes JMP 0000000149e40320
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                        0000000076ec1650 5 bytes JMP 0000000149e403b0
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                           0000000076ec1670 5 bytes JMP 0000000149e40390
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                 0000000076ec16b0 5 bytes JMP 0000000149e402e0
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                               0000000076ec1730 5 bytes JMP 0000000149e402d0
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                             0000000076ec1750 5 bytes JMP 0000000149e40310
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                              0000000076ec1790 5 bytes JMP 0000000149e403c0
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                           0000000076ec17e0 5 bytes JMP 0000000149e403f0
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                              0000000076ec1940 5 bytes JMP 0000000149e40230
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                   0000000076ec1b00 5 bytes JMP 0000000149e40480
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                  0000000076ec1b30 5 bytes JMP 0000000149e403a0
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                           0000000076ec1c10 5 bytes JMP 0000000149e402f0
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                        0000000076ec1c20 5 bytes JMP 0000000149e40350
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                              0000000076ec1c80 5 bytes JMP 0000000149e40290
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                           0000000076ec1d10 5 bytes JMP 0000000149e402b0
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                            0000000076ec1d30 5 bytes JMP 0000000149e403d0
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                               0000000076ec1d40 5 bytes JMP 0000000149e40330
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                        0000000076ec1db0 5 bytes JMP 0000000149e40410
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                           0000000076ec1de0 5 bytes JMP 0000000149e40240
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                0000000076ec20a0 5 bytes JMP 0000000149e401e0
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                           0000000076ec2160 5 bytes JMP 0000000149e40250
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                           0000000076ec2190 5 bytes JMP 0000000149e40490
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                  0000000076ec21a0 5 bytes JMP 0000000149e404a0
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                             0000000076ec21d0 5 bytes JMP 0000000149e40300
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                          0000000076ec21e0 5 bytes JMP 0000000149e40360
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                0000000076ec2240 5 bytes JMP 0000000149e402a0
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                             0000000076ec2290 5 bytes JMP 0000000149e402c0
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                0000000076ec22c0 5 bytes JMP 0000000149e40380
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                 0000000076ec22d0 5 bytes JMP 0000000149e40340
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                          0000000076ec25c0 5 bytes JMP 0000000149e40440
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                         0000000076ec27c0 5 bytes JMP 0000000149e40260
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                            0000000076ec27d0 5 bytes JMP 0000000149e40270
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                          0000000076ec27e0 5 bytes JMP 0000000149e40400
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                      0000000076ec29a0 5 bytes JMP 0000000149e401f0
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                       0000000076ec29b0 5 bytes JMP 0000000149e40210
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                            0000000076ec2a20 5 bytes JMP 0000000149e40200
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                            0000000076ec2a80 5 bytes JMP 0000000149e40420
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                             0000000076ec2a90 5 bytes JMP 0000000149e40430
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                        0000000076ec2aa0 5 bytes JMP 0000000149e40220
.text  C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                0000000076ec2b80 5 bytes JMP 0000000149e40280
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                   0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                            0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                            0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                 0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                       0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                            0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                     0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                        0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                              0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                            0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                          0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                           0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                        0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                           0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                               0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                        0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                     0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                           0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                        0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                         0000000076ec1d30 5 bytes JMP 00000000770203d0
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                            0000000076ec1d40 5 bytes JMP 0000000077020330
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                     0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                        0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                             0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                        0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                        0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                               0000000076ec21a0 5 bytes JMP 00000000770204a0
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                          0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                       0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                             0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                          0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                             0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                              0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                       0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                      0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                         0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                       0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                   0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                    0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                         0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                         0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                          0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                     0000000076ec2aa0 5 bytes JMP 0000000077020220
.text  C:\Windows\system32\services.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                             0000000076ec2b80 5 bytes JMP 0000000077020280
.text  C:\Windows\system32\services.exe[668] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                  0000000076daef8d 1 byte [62]
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                   0000000076ec1360 5 bytes JMP 0000000100040460
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                            0000000076ec13b0 5 bytes JMP 0000000100040450
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                            0000000076ec1510 5 bytes JMP 0000000100040370
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                 0000000076ec1560 5 bytes JMP 0000000100040470
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                       0000000076ec1570 5 bytes JMP 00000001000403e0
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                            0000000076ec1620 5 bytes JMP 0000000100040320
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                     0000000076ec1650 5 bytes JMP 00000001000403b0
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                        0000000076ec1670 5 bytes JMP 0000000100040390
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                              0000000076ec16b0 5 bytes JMP 00000001000402e0
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                            0000000076ec1730 5 bytes JMP 00000001000402d0
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                          0000000076ec1750 5 bytes JMP 0000000100040310
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                           0000000076ec1790 5 bytes JMP 00000001000403c0
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                        0000000076ec17e0 5 bytes JMP 00000001000403f0
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                           0000000076ec1940 5 bytes JMP 0000000100040230
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                0000000076ec1b00 5 bytes JMP 0000000100040480
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                               0000000076ec1b30 5 bytes JMP 00000001000403a0
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                        0000000076ec1c10 5 bytes JMP 00000001000402f0
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                     0000000076ec1c20 5 bytes JMP 0000000100040350
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                           0000000076ec1c80 5 bytes JMP 0000000100040290
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                        0000000076ec1d10 5 bytes JMP 00000001000402b0
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                         0000000076ec1d30 5 bytes JMP 00000001000403d0
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                            0000000076ec1d40 5 bytes JMP 0000000100040330
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                     0000000076ec1db0 5 bytes JMP 0000000100040410
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                        0000000076ec1de0 5 bytes JMP 0000000100040240
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                             0000000076ec20a0 5 bytes JMP 00000001000401e0
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                        0000000076ec2160 5 bytes JMP 0000000100040250
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                        0000000076ec2190 5 bytes JMP 0000000100040490
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                               0000000076ec21a0 5 bytes JMP 00000001000404a0
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                          0000000076ec21d0 5 bytes JMP 0000000100040300
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                       0000000076ec21e0 5 bytes JMP 0000000100040360
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                             0000000076ec2240 5 bytes JMP 00000001000402a0
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                          0000000076ec2290 5 bytes JMP 00000001000402c0
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                             0000000076ec22c0 5 bytes JMP 0000000100040380
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                              0000000076ec22d0 5 bytes JMP 0000000100040340
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                       0000000076ec25c0 5 bytes JMP 0000000100040440
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                      0000000076ec27c0 5 bytes JMP 0000000100040260
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                         0000000076ec27d0 5 bytes JMP 0000000100040270
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                       0000000076ec27e0 5 bytes JMP 0000000100040400
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                   0000000076ec29a0 5 bytes JMP 00000001000401f0
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                    0000000076ec29b0 5 bytes JMP 0000000100040210
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                         0000000076ec2a20 5 bytes JMP 0000000100040200
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                         0000000076ec2a80 5 bytes JMP 0000000100040420
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                          0000000076ec2a90 5 bytes JMP 0000000100040430
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                     0000000076ec2aa0 5 bytes JMP 0000000100040220
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                             0000000076ec2b80 5 bytes JMP 0000000100040280
.text  C:\Windows\system32\winlogon.exe[700] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                  0000000076daef8d 1 byte [62]
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                      0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                               0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                               0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                    0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                          0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                               0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                        0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                           0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                 0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                               0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                             0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                              0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                           0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                              0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                   0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                  0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                           0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                        0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                              0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                           0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                            0000000076ec1d30 5 bytes JMP 00000000770203d0
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                               0000000076ec1d40 5 bytes JMP 0000000077020330
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                        0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                           0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                           0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                           0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                  0000000076ec21a0 5 bytes JMP 00000000770204a0
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                             0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                          0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                             0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                 0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                          0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                         0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                            0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                          0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                      0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                       0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                            0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                            0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                             0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                        0000000076ec2aa0 5 bytes JMP 0000000077020220
.text  C:\Windows\system32\lsass.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                0000000076ec2b80 5 bytes JMP 0000000077020280
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                        0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                 0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                 0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                      0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                            0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                 0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                          0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                             0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                   0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                 0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                               0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                             0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                     0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                    0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                             0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                          0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                             0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                              0000000076ec1d30 5 bytes JMP 00000000770203d0
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                 0000000076ec1d40 5 bytes JMP 0000000077020330
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                          0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                             0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                  0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                             0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                             0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                    0000000076ec21a0 5 bytes JMP 00000000770204a0
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                               0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                            0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                  0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                               0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                  0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                   0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                            0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                           0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                              0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                            0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                        0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                         0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                              0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                              0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                               0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                          0000000076ec2aa0 5 bytes JMP 0000000077020220
.text  C:\Windows\system32\lsm.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                  0000000076ec2b80 5 bytes JMP 0000000077020280
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                    0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                             0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                             0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                  0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                        0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                             0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                      0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                         0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                               0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                             0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                           0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                            0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                         0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                            0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                 0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                         0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                      0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                            0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                         0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                          0000000076ec1d30 5 bytes JMP 00000000770203d0
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                             0000000076ec1d40 5 bytes JMP 0000000077020330
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                      0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                         0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                              0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                         0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                         0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                0000000076ec21a0 5 bytes JMP 00000000770204a0
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                           0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                        0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                              0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                           0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                              0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                               0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                        0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                       0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                          0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                        0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                    0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                     0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                          0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                          0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                           0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                      0000000076ec2aa0 5 bytes JMP 0000000077020220
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                              0000000076ec2b80 5 bytes JMP 0000000077020280
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                     0000000076ec1360 5 bytes JMP 0000000100060460
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                              0000000076ec13b0 5 bytes JMP 0000000100060450
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                              0000000076ec1510 5 bytes JMP 0000000100060370
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                   0000000076ec1560 5 bytes JMP 0000000100060470
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                         0000000076ec1570 5 bytes JMP 00000001000603e0
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                              0000000076ec1620 5 bytes JMP 0000000100060320
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                       0000000076ec1650 5 bytes JMP 00000001000603b0
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                          0000000076ec1670 5 bytes JMP 0000000100060390
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                0000000076ec16b0 5 bytes JMP 00000001000602e0
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                              0000000076ec1730 5 bytes JMP 00000001000602d0
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                            0000000076ec1750 5 bytes JMP 0000000100060310
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                             0000000076ec1790 5 bytes JMP 00000001000603c0
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                          0000000076ec17e0 5 bytes JMP 00000001000603f0
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                             0000000076ec1940 5 bytes JMP 0000000100060230
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                  0000000076ec1b00 5 bytes JMP 0000000100060480
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                 0000000076ec1b30 5 bytes JMP 00000001000603a0
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                          0000000076ec1c10 5 bytes JMP 00000001000602f0
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                       0000000076ec1c20 5 bytes JMP 0000000100060350
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                             0000000076ec1c80 5 bytes JMP 0000000100060290
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                          0000000076ec1d10 5 bytes JMP 00000001000602b0
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                           0000000076ec1d30 5 bytes JMP 00000001000603d0
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                              0000000076ec1d40 5 bytes JMP 0000000100060330
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                       0000000076ec1db0 5 bytes JMP 0000000100060410
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                          0000000076ec1de0 5 bytes JMP 0000000100060240
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                               0000000076ec20a0 5 bytes JMP 00000001000601e0
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                          0000000076ec2160 5 bytes JMP 0000000100060250
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                          0000000076ec2190 5 bytes JMP 0000000100060490
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                 0000000076ec21a0 5 bytes JMP 00000001000604a0
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                            0000000076ec21d0 5 bytes JMP 0000000100060300
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                         0000000076ec21e0 5 bytes JMP 0000000100060360
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                               0000000076ec2240 5 bytes JMP 00000001000602a0
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                            0000000076ec2290 5 bytes JMP 00000001000602c0
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                               0000000076ec22c0 5 bytes JMP 0000000100060380
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                0000000076ec22d0 5 bytes JMP 0000000100060340
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                         0000000076ec25c0 5 bytes JMP 0000000100060440
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                        0000000076ec27c0 5 bytes JMP 0000000100060260
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                           0000000076ec27d0 5 bytes JMP 0000000100060270
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                         0000000076ec27e0 5 bytes JMP 0000000100060400
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                     0000000076ec29a0 5 bytes JMP 00000001000601f0
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                      0000000076ec29b0 5 bytes JMP 0000000100060210
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                           0000000076ec2a20 5 bytes JMP 0000000100060200
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                           0000000076ec2a80 5 bytes JMP 0000000100060420
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                            0000000076ec2a90 5 bytes JMP 0000000100060430
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                       0000000076ec2aa0 5 bytes JMP 0000000100060220
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                               0000000076ec2b80 5 bytes JMP 0000000100060280
.text  C:\Windows\system32\nvvsvc.exe[916] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                    0000000076daef8d 1 byte [62]
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[940] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                               00000000750ba2fd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                    0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                             0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                             0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                  0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                        0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                             0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                      0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                         0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                               0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                             0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                           0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                            0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                         0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                            0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                 0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                         0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                      0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                            0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                         0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx
         

Alt 11.09.2014, 17:43   #5
V0rt3X
 

Code:
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                             0000000076ec1d40 5 bytes JMP 0000000077020330
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                      0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                         0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                              0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                         0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                         0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                0000000076ec21a0 5 bytes JMP 00000000770204a0
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                           0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                        0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                              0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                           0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                              0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                               0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                        0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                       0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                          0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                        0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                    0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                     0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                          0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                          0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                           0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                      0000000076ec2aa0 5 bytes JMP 0000000077020220
.text  C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                              0000000076ec2b80 5 bytes JMP 0000000077020280
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                    0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                             0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                             0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                  0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                        0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                             0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                      0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                         0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                               0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                             0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                           0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                            0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                         0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                            0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                 0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                         0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                      0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                            0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                         0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                          0000000076ec1d30 5 bytes JMP 00000000770203d0
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                             0000000076ec1d40 5 bytes JMP 0000000077020330
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                      0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                         0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                              0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                         0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                         0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                0000000076ec21a0 5 bytes JMP 00000000770204a0
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                           0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                        0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                              0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                           0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                              0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                               0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                        0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                       0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                          0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                        0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                    0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                     0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                          0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                          0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                           0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                      0000000076ec2aa0 5 bytes JMP 0000000077020220
.text  C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                              0000000076ec2b80 5 bytes JMP 0000000077020280
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                    0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                             0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                             0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                  0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                        0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                             0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                      0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                         0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                               0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                             0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                           0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                            0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                         0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                            0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                 0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                         0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                      0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                            0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                         0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                          0000000076ec1d30 5 bytes JMP 00000000770203d0
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                             0000000076ec1d40 5 bytes JMP 0000000077020330
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                      0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                         0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                              0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                         0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                         0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                0000000076ec21a0 5 bytes JMP 00000000770204a0
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                           0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                        0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                              0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                           0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                              0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                               0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                        0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                       0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                          0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                        0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                    0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                     0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                          0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                          0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                           0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                      0000000076ec2aa0 5 bytes JMP 0000000077020220
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                              0000000076ec2b80 5 bytes JMP 0000000077020280
.text  C:\Windows\System32\svchost.exe[480] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                   0000000076daef8d 1 byte [62]
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                    0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                             0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                             0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                  0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                        0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                             0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                      0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                         0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                               0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                             0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                           0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                            0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                         0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                            0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                 0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                         0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                      0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                            0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                         0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                          0000000076ec1d30 5 bytes JMP 00000000770203d0
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                             0000000076ec1d40 5 bytes JMP 0000000077020330
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                      0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                         0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                              0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                         0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                         0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                0000000076ec21a0 5 bytes JMP 00000000770204a0
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                           0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                        0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                              0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                           0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                              0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                               0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                        0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                       0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                          0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                        0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                    0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                     0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                          0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                          0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                           0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                      0000000076ec2aa0 5 bytes JMP 0000000077020220
.text  C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                              0000000076ec2b80 5 bytes JMP 0000000077020280
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                   0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                            0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                            0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                 0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                       0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                            0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                     0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                        0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                              0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                            0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                          0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                           0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                        0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                           0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                               0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                        0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                     0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                           0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                        0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                         0000000076ec1d30 5 bytes JMP 00000000770203d0
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                            0000000076ec1d40 5 bytes JMP 0000000077020330
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                     0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                        0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                             0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                        0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                        0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                               0000000076ec21a0 5 bytes JMP 00000000770204a0
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                          0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                       0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                             0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                          0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                             0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                              0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                       0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                      0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                         0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                       0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                   0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                    0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                         0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                         0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                          0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                     0000000076ec2aa0 5 bytes JMP 0000000077020220
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                             0000000076ec2b80 5 bytes JMP 0000000077020280
.text  C:\Windows\system32\svchost.exe[1056] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                  0000000076daef8d 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                   0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                            0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                            0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                 0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                       0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                            0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                     0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                        0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                              0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                            0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                          0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                           0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                        0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                           0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                               0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                        0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                     0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                           0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                        0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                         0000000076ec1d30 5 bytes JMP 00000000770203d0
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                            0000000076ec1d40 5 bytes JMP 0000000077020330
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                     0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                        0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                             0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                        0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                        0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                               0000000076ec21a0 5 bytes JMP 00000000770204a0
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                          0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                       0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                             0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                          0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                             0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                              0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                       0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                      0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                         0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                       0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                   0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                    0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                         0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                         0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                          0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                     0000000076ec2aa0 5 bytes JMP 0000000077020220
.text  C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                             0000000076ec2b80 5 bytes JMP 0000000077020280
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                   0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                            0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                            0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                 0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                       0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                            0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                     0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                        0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                              0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                            0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                          0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                           0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                        0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                           0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                               0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                        0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                     0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                           0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                        0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                         0000000076ec1d30 5 bytes JMP 00000000770203d0
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                            0000000076ec1d40 5 bytes JMP 0000000077020330
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                     0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                        0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                             0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                        0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                        0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                               0000000076ec21a0 5 bytes JMP 00000000770204a0
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                          0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                       0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                             0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                          0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                             0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                              0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                       0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                      0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                         0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                       0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                   0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                    0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                         0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                         0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                          0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                     0000000076ec2aa0 5 bytes JMP 0000000077020220
.text  C:\Windows\system32\svchost.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                             0000000076ec2b80 5 bytes JMP 0000000077020280
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                          0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                   0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                   0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                        0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                              0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                   0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                            0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                               0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                     0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                   0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                 0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                  0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                               0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                  0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                       0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                      0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                               0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                            0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                  0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                               0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                0000000076ec1d30 5 bytes JMP 00000000770203d0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                   0000000076ec1d40 5 bytes JMP 0000000077020330
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                            0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                               0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                    0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                               0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                               0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                      0000000076ec21a0 5 bytes JMP 00000000770204a0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                 0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                              0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                    0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                 0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                    0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                     0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                              0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                             0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                              0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                          0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                           0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                 0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                            0000000076ec2aa0 5 bytes JMP 0000000077020220
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                    0000000076ec2b80 5 bytes JMP 0000000077020280
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                         0000000076daef8d 1 byte [62]
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                    0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                             0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                             0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                  0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                        0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                             0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                      0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                         0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                               0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                             0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                           0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                            0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                         0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                            0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                 0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                         0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                      0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                            0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                         0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                          0000000076ec1d30 5 bytes JMP 00000000770203d0
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                             0000000076ec1d40 5 bytes JMP 0000000077020330
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                      0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                         0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                              0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                         0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                         0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                0000000076ec21a0 5 bytes JMP 00000000770204a0
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                           0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                        0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                              0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                           0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                              0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                               0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                        0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                       0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                          0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                        0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                    0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                     0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                          0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                          0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                           0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                      0000000076ec2aa0 5 bytes JMP 0000000077020220
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                              0000000076ec2b80 5 bytes JMP 0000000077020280
.text  C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                   0000000076daef8d 1 byte [62]
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                       0000000076ec1360 5 bytes JMP 0000000100070460
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                0000000076ec13b0 5 bytes JMP 0000000100070450
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                0000000076ec1510 5 bytes JMP 0000000100070370
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                     0000000076ec1560 5 bytes JMP 0000000100070470
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                           0000000076ec1570 5 bytes JMP 00000001000703e0
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                0000000076ec1620 5 bytes JMP 0000000100070320
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                         0000000076ec1650 5 bytes JMP 00000001000703b0
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                            0000000076ec1670 5 bytes JMP 0000000100070390
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                  0000000076ec16b0 5 bytes JMP 00000001000702e0
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                0000000076ec1730 5 bytes JMP 00000001000702d0
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                              0000000076ec1750 5 bytes JMP 0000000100070310
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                               0000000076ec1790 5 bytes JMP 00000001000703c0
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                            0000000076ec17e0 5 bytes JMP 00000001000703f0
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                               0000000076ec1940 5 bytes JMP 0000000100070230
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                    0000000076ec1b00 5 bytes JMP 0000000100070480
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                   0000000076ec1b30 5 bytes JMP 00000001000703a0
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                            0000000076ec1c10 5 bytes JMP 00000001000702f0
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                         0000000076ec1c20 5 bytes JMP 0000000100070350
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                               0000000076ec1c80 5 bytes JMP 0000000100070290
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                            0000000076ec1d10 5 bytes JMP 00000001000702b0
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                             0000000076ec1d30 5 bytes JMP 00000001000703d0
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                0000000076ec1d40 5 bytes JMP 0000000100070330
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                         0000000076ec1db0 5 bytes JMP 0000000100070410
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                            0000000076ec1de0 5 bytes JMP 0000000100070240
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                 0000000076ec20a0 5 bytes JMP 00000001000701e0
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                            0000000076ec2160 5 bytes JMP 0000000100070250
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                            0000000076ec2190 5 bytes JMP 0000000100070490
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                   0000000076ec21a0 5 bytes JMP 00000001000704a0
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                              0000000076ec21d0 5 bytes JMP 0000000100070300
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                           0000000076ec21e0 5 bytes JMP 0000000100070360
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                 0000000076ec2240 5 bytes JMP 00000001000702a0
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                              0000000076ec2290 5 bytes JMP 00000001000702c0
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                 0000000076ec22c0 5 bytes JMP 0000000100070380
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                  0000000076ec22d0 5 bytes JMP 0000000100070340
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                           0000000076ec25c0 5 bytes JMP 0000000100070440
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                          0000000076ec27c0 5 bytes JMP 0000000100070260
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                             0000000076ec27d0 5 bytes JMP 0000000100070270
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                           0000000076ec27e0 5 bytes JMP 0000000100070400
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                       0000000076ec29a0 5 bytes JMP 00000001000701f0
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                        0000000076ec29b0 5 bytes JMP 0000000100070210
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                             0000000076ec2a20 5 bytes JMP 0000000100070200
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                             0000000076ec2a80 5 bytes JMP 0000000100070420
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                              0000000076ec2a90 5 bytes JMP 0000000100070430
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                         0000000076ec2aa0 5 bytes JMP 0000000100070220
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                 0000000076ec2b80 5 bytes JMP 0000000100070280
.text  C:\Windows\system32\Dwm.exe[1560] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                      0000000076daef8d 1 byte [62]
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                           0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                    0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                    0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                         0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                               0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                    0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                             0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                      0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                    0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                  0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                   0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                   0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                        0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                       0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                             0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                   0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                 0000000076ec1d30 5 bytes JMP 00000000770203d0
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                    0000000076ec1d40 5 bytes JMP 0000000077020330
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                             0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                     0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                       0000000076ec21a0 5 bytes JMP 00000000770204a0
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                  0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                               0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                     0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                  0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                     0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                      0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                               0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                              0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                 0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                               0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                           0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                            0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                 0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                 0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                  0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                             0000000076ec2aa0 5 bytes JMP 0000000077020220
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                     0000000076ec2b80 5 bytes JMP 0000000077020280
.text  C:\Windows\Explorer.EXE[1672] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                          0000000076daef8d 1 byte [62]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                            0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                     0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                     0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                          0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                     0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                              0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                 0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                       0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                     0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                   0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                    0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                 0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                    0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                         0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                        0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                 0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                              0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                    0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                 0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                  0000000076ec1d30 5 bytes JMP 00000000770203d0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                     0000000076ec1d40 5 bytes JMP 0000000077020330
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                              0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                 0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                      0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                 0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                 0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                        0000000076ec21a0 5 bytes JMP 00000000770204a0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                   0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                      0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                   0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                      0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                       0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                               0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                  0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                            0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                             0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                  0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                  0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                   0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                              0000000076ec2aa0 5 bytes JMP 0000000077020220
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                      0000000076ec2b80 5 bytes JMP 0000000077020280
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1908] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                           0000000076daef8d 1 byte [62]
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                        0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                 0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                 0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                      0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                            0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                 0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                          0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                             0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                   0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                 0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                               0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                             0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                     0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                    0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                             0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                          0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                             0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                              0000000076ec1d30 5 bytes JMP 00000000770203d0
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                 0000000076ec1d40 5 bytes JMP 0000000077020330
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                          0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                             0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                  0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                             0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                             0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys
         


Alt 11.09.2014, 17:44   #6
V0rt3X
 



Code:
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                               0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                            0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                  0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                               0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                  0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                   0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                            0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                           0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                              0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                            0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                        0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                         0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                              0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                              0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                               0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                          0000000076ec2aa0 5 bytes JMP 0000000077020220
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                  0000000076ec2b80 5 bytes JMP 0000000077020280
.text  C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe[1032] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                       0000000076daef8d 1 byte [62]
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                   0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                            0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                            0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                 0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                       0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                            0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                     0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                        0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                              0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                            0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                          0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                           0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                        0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                           0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                               0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                        0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                     0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                           0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                        0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                         0000000076ec1d30 5 bytes JMP 00000000770203d0
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                            0000000076ec1d40 5 bytes JMP 0000000077020330
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                     0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                        0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                             0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                        0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                        0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                               0000000076ec21a0 5 bytes JMP 00000000770204a0
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                          0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                       0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                             0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                          0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                             0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                              0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                       0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                      0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                         0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                       0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                   0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                    0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                         0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                         0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                          0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                     0000000076ec2aa0 5 bytes JMP 0000000077020220
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                             0000000076ec2b80 5 bytes JMP 0000000077020280
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1160] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                  0000000076daef8d 1 byte [62]
.text  C:\ProgramData\IePluginServices\PluginService.exe[1172] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                00000000750ba2fd 1 byte [62]
.text  C:\ProgramData\IePluginServices\PluginService.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                              0000000074c71465 2 bytes [C7, 74]
.text  C:\ProgramData\IePluginServices\PluginService.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                             0000000074c714bb 2 bytes [C7, 74]
.text  ...                                                                                                                                                          * 2
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                  0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                           0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                           0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                      0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                           0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                    0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                       0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                             0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                           0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                         0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                          0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                       0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                          0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                               0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                              0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                       0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                    0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                          0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                       0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                        0000000076ec1d30 5 bytes JMP 00000000770203d0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                           0000000076ec1d40 5 bytes JMP 0000000077020330
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                    0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                       0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                            0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                       0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                       0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                              0000000076ec21a0 5 bytes JMP 00000000770204a0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                         0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                      0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                            0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                         0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                            0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                             0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                      0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                     0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                        0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                      0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                  0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                   0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                        0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                        0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                         0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                    0000000076ec2aa0 5 bytes JMP 0000000077020220
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                            0000000076ec2b80 5 bytes JMP 0000000077020280
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1384] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                 0000000076daef8d 1 byte [62]
.text  C:\Program Files (x86)\SupTab\HpUI.exe[1696] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                           00000000750ba2fd 1 byte [62]
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[1552] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                        0000000076daef8d 1 byte [62]
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                   0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                            0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                            0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                 0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                       0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                            0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                     0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                        0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                              0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                            0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                          0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                           0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                        0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                           0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                               0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                        0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                     0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                           0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                        0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                         0000000076ec1d30 5 bytes JMP 00000000770203d0
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                            0000000076ec1d40 5 bytes JMP 0000000077020330
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                     0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                        0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                             0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                        0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                        0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                               0000000076ec21a0 5 bytes JMP 00000000770204a0
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                          0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                       0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                             0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                          0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                             0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                              0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                       0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                      0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                         0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                       0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                   0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                    0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                         0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                         0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                          0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                     0000000076ec2aa0 5 bytes JMP 0000000077020220
.text  C:\Windows\System32\spoolsv.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                             0000000076ec2b80 5 bytes JMP 0000000077020280
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                  0000000076ec1360 5 bytes JMP 0000000100060460
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                           0000000076ec13b0 5 bytes JMP 0000000100060450
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                           0000000076ec1510 5 bytes JMP 0000000100060370
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                0000000076ec1560 5 bytes JMP 0000000100060470
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                      0000000076ec1570 5 bytes JMP 00000001000603e0
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                           0000000076ec1620 5 bytes JMP 0000000100060320
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                    0000000076ec1650 5 bytes JMP 00000001000603b0
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                       0000000076ec1670 5 bytes JMP 0000000100060390
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                             0000000076ec16b0 5 bytes JMP 00000001000602e0
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                           0000000076ec1730 5 bytes JMP 00000001000602d0
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                         0000000076ec1750 5 bytes JMP 0000000100060310
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                          0000000076ec1790 5 bytes JMP 00000001000603c0
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                       0000000076ec17e0 5 bytes JMP 00000001000603f0
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                          0000000076ec1940 5 bytes JMP 0000000100060230
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                               0000000076ec1b00 5 bytes JMP 0000000100060480
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                              0000000076ec1b30 5 bytes JMP 00000001000603a0
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                       0000000076ec1c10 5 bytes JMP 00000001000602f0
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                    0000000076ec1c20 5 bytes JMP 0000000100060350
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                          0000000076ec1c80 5 bytes JMP 0000000100060290
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                       0000000076ec1d10 5 bytes JMP 00000001000602b0
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                        0000000076ec1d30 5 bytes JMP 00000001000603d0
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                           0000000076ec1d40 5 bytes JMP 0000000100060330
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                    0000000076ec1db0 5 bytes JMP 0000000100060410
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                       0000000076ec1de0 5 bytes JMP 0000000100060240
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                            0000000076ec20a0 5 bytes JMP 00000001000601e0
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                       0000000076ec2160 5 bytes JMP 0000000100060250
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                       0000000076ec2190 5 bytes JMP 0000000100060490
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                              0000000076ec21a0 5 bytes JMP 00000001000604a0
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                         0000000076ec21d0 5 bytes JMP 0000000100060300
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                      0000000076ec21e0 5 bytes JMP 0000000100060360
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                            0000000076ec2240 5 bytes JMP 00000001000602a0
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                         0000000076ec2290 5 bytes JMP 00000001000602c0
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                            0000000076ec22c0 5 bytes JMP 0000000100060380
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                             0000000076ec22d0 5 bytes JMP 0000000100060340
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                      0000000076ec25c0 5 bytes JMP 0000000100060440
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                     0000000076ec27c0 5 bytes JMP 0000000100060260
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                        0000000076ec27d0 5 bytes JMP 0000000100060270
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                      0000000076ec27e0 5 bytes JMP 0000000100060400
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                  0000000076ec29a0 5 bytes JMP 00000001000601f0
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                   0000000076ec29b0 5 bytes JMP 0000000100060210
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                        0000000076ec2a20 5 bytes JMP 0000000100060200
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                        0000000076ec2a80 5 bytes JMP 0000000100060420
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                         0000000076ec2a90 5 bytes JMP 0000000100060430
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                    0000000076ec2aa0 5 bytes JMP 0000000100060220
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                            0000000076ec2b80 5 bytes JMP 0000000100060280
.text  C:\Windows\system32\taskhost.exe[2152] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                 0000000076daef8d 1 byte [62]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2336] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                     00000000750ba2fd 1 byte [62]
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2364] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112     00000000750ba2fd 1 byte [62]
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000074c71465 2 bytes [C7, 74]
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000074c714bb 2 bytes [C7, 74]
.text  ...                                                                                                                                                          * 2
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                        0000000076ec1360 5 bytes JMP 0000000100070460
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                 0000000076ec13b0 5 bytes JMP 0000000100070450
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                 0000000076ec1510 5 bytes JMP 0000000100070370
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                      0000000076ec1560 5 bytes JMP 0000000100070470
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                            0000000076ec1570 5 bytes JMP 00000001000703e0
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                 0000000076ec1620 5 bytes JMP 0000000100070320
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                          0000000076ec1650 5 bytes JMP 00000001000703b0
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                             0000000076ec1670 5 bytes JMP 0000000100070390
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                   0000000076ec16b0 5 bytes JMP 00000001000702e0
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                 0000000076ec1730 5 bytes JMP 00000001000702d0
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                               0000000076ec1750 5 bytes JMP 0000000100070310
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                0000000076ec1790 5 bytes JMP 00000001000703c0
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                             0000000076ec17e0 5 bytes JMP 00000001000703f0
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                0000000076ec1940 5 bytes JMP 0000000100070230
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                     0000000076ec1b00 5 bytes JMP 0000000100070480
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                    0000000076ec1b30 5 bytes JMP 00000001000703a0
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                             0000000076ec1c10 5 bytes JMP 00000001000702f0
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                          0000000076ec1c20 5 bytes JMP 0000000100070350
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                0000000076ec1c80 5 bytes JMP 0000000100070290
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                             0000000076ec1d10 5 bytes JMP 00000001000702b0
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                              0000000076ec1d30 5 bytes JMP 00000001000703d0
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                 0000000076ec1d40 5 bytes JMP 0000000100070330
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                          0000000076ec1db0 5 bytes JMP 0000000100070410
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                             0000000076ec1de0 5 bytes JMP 0000000100070240
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                  0000000076ec20a0 5 bytes JMP 00000001000701e0
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                             0000000076ec2160 5 bytes JMP 0000000100070250
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                             0000000076ec2190 5 bytes JMP 0000000100070490
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                    0000000076ec21a0 5 bytes JMP 00000001000704a0
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                               0000000076ec21d0 5 bytes JMP 0000000100070300
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                            0000000076ec21e0 5 bytes JMP 0000000100070360
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                  0000000076ec2240 5 bytes JMP 00000001000702a0
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                               0000000076ec2290 5 bytes JMP 00000001000702c0
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                  0000000076ec22c0 5 bytes JMP 0000000100070380
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                   0000000076ec22d0 5 bytes JMP 0000000100070340
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                            0000000076ec25c0 5 bytes JMP 0000000100070440
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                           0000000076ec27c0 5 bytes JMP 0000000100070260
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                              0000000076ec27d0 5 bytes JMP 0000000100070270
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                            0000000076ec27e0 5 bytes JMP 0000000100070400
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                        0000000076ec29a0 5 bytes JMP 00000001000701f0
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                         0000000076ec29b0 5 bytes JMP 0000000100070210
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                              0000000076ec2a20 5 bytes JMP 0000000100070200
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                              0000000076ec2a80 5 bytes JMP 0000000100070420
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                               0000000076ec2a90 5 bytes JMP 0000000100070430
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                          0000000076ec2aa0 5 bytes JMP 0000000100070220
.text  C:\Program Files (x86)\SupTab\Loader64.exe[2396] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                  0000000076ec2b80 5 bytes JMP 0000000100070280
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                        0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                 0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                 0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                      0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                            0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                 0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                          0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                             0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                   0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                 0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                               0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                             0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                     0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                    0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                             0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                          0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                             0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                              0000000076ec1d30 5 bytes JMP 00000000770203d0
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                 0000000076ec1d40 5 bytes JMP 0000000077020330
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                          0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                             0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                  0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                             0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                             0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                    0000000076ec21a0 5 bytes JMP 00000000770204a0
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                               0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                            0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                  0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                               0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                  0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                   0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                            0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                           0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                              0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                            0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                        0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                         0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                              0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                              0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                               0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                          0000000076ec2aa0 5 bytes JMP 0000000077020220
.text  C:\Program Files\Bonjour\mDNSResponder.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                  0000000076ec2b80 5 bytes JMP 0000000077020280
.text  C:\Program Files (x86)\SupTab\Loader32.exe[2428] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                       00000000750ba2fd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                   0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                            0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                            0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                 0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                       0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                            0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                     0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                        0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                              0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                            0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                          0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                           0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                        0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                           0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                               0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                        0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                     0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                           0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                        0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                         0000000076ec1d30 5 bytes JMP 00000000770203d0
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                            0000000076ec1d40 5 bytes JMP 0000000077020330
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                     0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                        0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                             0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                        0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                        0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                               0000000076ec21a0 5 bytes JMP 00000000770204a0
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                          0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                       0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                             0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                          0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                             0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                              0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                       0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                      0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                         0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                       0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                   0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                    0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                         0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                         0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                          0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                     0000000076ec2aa0 5 bytes JMP 0000000077020220
.text  C:\Windows\system32\svchost.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                             0000000076ec2b80 5 bytes JMP 0000000077020280
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                     0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                              0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                              0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                   0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                         0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                              0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                       0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                          0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                              0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                            0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                             0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                          0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                             0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                  0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                 0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                          0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                       0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                             0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                          0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                           0000000076ec1d30 5 bytes JMP 00000000770203d0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                              0000000076ec1d40 5 bytes JMP 0000000077020330
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                       0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                          0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                               0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                          0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                          0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                 0000000076ec21a0 5 bytes JMP 00000000770204a0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                            0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                         0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                               0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                            0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                               0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                         0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                        0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                           0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                         0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                     0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                      0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                           0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                           0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                            0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                       0000000076ec2aa0 5 bytes JMP 0000000077020220
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                               0000000076ec2b80 5 bytes JMP 0000000077020280
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                   0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                            0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                            0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                 0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                       0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                            0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                     0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                        0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                              0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                            0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                          0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                           0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                        0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                           0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                               0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                        0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                     0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                           0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                        0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                         0000000076ec1d30 5 bytes JMP 00000000770203d0
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                            0000000076ec1d40 5 bytes JMP 0000000077020330
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                     0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                        0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                             0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                        0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                        0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                               0000000076ec21a0 5 bytes JMP 00000000770204a0
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                          0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                       0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                             0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                          0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                             0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                              0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                       0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                      0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                         0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                       0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                   0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                    0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                         0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                         0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                          0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                     0000000076ec2aa0 5 bytes JMP 0000000077020220
.text  C:\Windows\system32\svchost.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                             0000000076ec2b80 5 bytes JMP 0000000077020280
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                         0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                  0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                  0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                       0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                             0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                  0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                           0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                              0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                    0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                  0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                 0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                              0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                 0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                      0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                     0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                              0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                           0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                 0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                              0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                               0000000076ec1d30 5 bytes JMP 00000000770203d0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer
         

11.09.2014, 17:45   #7
V0rt3X

Code:
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                           0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                              0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                   0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                              0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                              0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                     0000000076ec21a0 5 bytes JMP 00000000770204a0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                             0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                   0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                   0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                    0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                             0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                            0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                               0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                             0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                         0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                          0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                               0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                               0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                           0000000076ec2aa0 5 bytes JMP 0000000077020220
.text  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                   0000000076ec2b80 5 bytes JMP 0000000077020280
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                  0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                           0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                           0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                      0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                           0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                    0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                       0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                             0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                           0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                         0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                          0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                       0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                          0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                               0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                              0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                       0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                    0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                          0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                       0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                        0000000076ec1d30 5 bytes JMP 00000000770203d0
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                           0000000076ec1d40 5 bytes JMP 0000000077020330
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                    0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                       0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                            0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                       0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                       0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                              0000000076ec21a0 5 bytes JMP 00000000770204a0
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                         0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                      0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                            0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                         0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                            0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                             0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                      0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                     0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                        0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                      0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                  0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                   0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                        0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                        0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                         0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                    0000000076ec2aa0 5 bytes JMP 0000000077020220
.text  C:\Windows\system32\EscSvc64.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                            0000000076ec2b80 5 bytes JMP 0000000077020280
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                               0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                        0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                        0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                             0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                   0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                        0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                 0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                    0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                          0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                        0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                      0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                       0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                    0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                       0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                            0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                           0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                    0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                 0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                       0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                    0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                     0000000076ec1d30 5 bytes JMP 00000000770203d0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                        0000000076ec1d40 5 bytes JMP 0000000077020330
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                 0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                    0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                         0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                    0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                    0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                           0000000076ec21a0 5 bytes JMP 00000000770204a0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                      0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                   0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                         0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                      0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                         0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                          0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                   0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                  0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                     0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                   0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                               0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                     0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                     0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                      0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                 0000000076ec2aa0 5 bytes JMP 0000000077020220
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                         0000000076ec2b80 5 bytes JMP 0000000077020280
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[3288] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                              0000000076daef8d 1 byte [62]
.text  D:\Programme\VirtualCloneDrive\VCDDaemon.exe[3456] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                     00000000750ba2fd 1 byte [62]
.text  D:\Programme\Avast\avastui.exe[3484] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                            0000000075098791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text  D:\Programme\Avast\avastui.exe[3484] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                   00000000750ba2fd 1 byte [62]
.text  D:\Programme\Avast\avastui.exe[3484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                 0000000074c71465 2 bytes [C7, 74]
.text  D:\Programme\Avast\avastui.exe[3484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                0000000074c714bb 2 bytes [C7, 74]
.text  ...                                                                                                                                                          * 2
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3500] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                 00000000750ba2fd 1 byte [62]
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                             0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                      0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                      0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                           0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                 0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                      0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                               0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                  0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                        0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                      0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                    0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                     0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                  0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                     0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                          0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                         0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                  0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                               0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                     0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                  0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                   0000000076ec1d30 5 bytes JMP 00000000770203d0
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                      0000000076ec1d40 5 bytes JMP 0000000077020330
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                               0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                  0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                       0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                  0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                  0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                         0000000076ec21a0 5 bytes JMP 00000000770204a0
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                    0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                 0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                       0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                    0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                       0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                        0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                 0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                   0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                 0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                             0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                              0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                   0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                   0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                    0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                               0000000076ec2aa0 5 bytes JMP 0000000077020220
.text  C:\Windows\system32\SearchIndexer.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                       0000000076ec2b80 5 bytes JMP 0000000077020280
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                      0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                               0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                               0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                    0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                          0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                               0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                        0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                           0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                 0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                               0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                             0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                              0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                           0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                              0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                   0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                  0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                           0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                        0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                              0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                           0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                            0000000076ec1d30 5 bytes JMP 00000000770203d0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                               0000000076ec1d40 5 bytes JMP 0000000077020330
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                        0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                           0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                           0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                           0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                  0000000076ec21a0 5 bytes JMP 00000000770204a0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                             0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                          0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                             0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                 0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                          0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                         0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                            0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                          0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                      0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                       0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                            0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                            0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                             0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                        0000000076ec2aa0 5 bytes JMP 0000000077020220
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                0000000076ec2b80 5 bytes JMP 0000000077020280
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[3936] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                     0000000076daef8d 1 byte [62]
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                    0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                             0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                             0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                  0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                        0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                             0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                      0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                         0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                               0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                             0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                           0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                            0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                         0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                            0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                 0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                         0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                      0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                            0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                         0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                          0000000076ec1d30 5 bytes JMP 00000000770203d0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                             0000000076ec1d40 5 bytes JMP 0000000077020330
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                      0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                         0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                              0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                         0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                         0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                0000000076ec21a0 5 bytes JMP 00000000770204a0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                           0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                        0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                              0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                           0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                              0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                               0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                        0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                       0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                          0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                        0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                    0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                     0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                          0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                          0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                           0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Windows\system32\wbem\wmiprvse.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                    0000000076ec21d0 5 bytes JMP 0000000100070300
.text  C:\Windows\system32\wbem\wmiprvse.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                 0000000076ec21e0 5 bytes JMP 0000000100070360
.text  C:\Windows\system32\wbem\wmiprvse.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                       0000000076ec2240 5 bytes JMP 00000001000702a0
.text  C:\Windows\system32\wbem\wmiprvse.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                    0000000076ec2290 5 bytes JMP 00000001000702c0
.text  C:\Windows\system32\wbem\wmiprvse.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                       0000000076ec22c0 5 bytes JMP 0000000100070380
.text  C:\Windows\system32\wbem\wmiprvse.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                        0000000076ec22d0 5 bytes JMP 0000000100070340
.text  C:\Windows\system32\wbem\wmiprvse.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                 0000000076ec25c0 5 bytes JMP 0000000100070440
.text  C:\Windows\system32\wbem\wmiprvse.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                0000000076ec27c0 5 bytes JMP 0000000100070260
.text  C:\Windows\system32\wbem\wmiprvse.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                   0000000076ec27d0 5 bytes JMP 0000000100070270
.text  C:\Windows\system32\wbem\wmiprvse.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                 0000000076ec27e0 5 bytes JMP 0000000100070400
.text  C:\Windows\system32\wbem\wmiprvse.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                             0000000076ec29a0 5 bytes JMP 00000001000701f0
.text  C:\Windows\system32\wbem\wmiprvse.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                              0000000076ec29b0 5 bytes JMP 0000000100070210
.text  C:\Windows\system32\wbem\wmiprvse.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                   0000000076ec2a20 5 bytes JMP 0000000100070200
.text  C:\Windows\system32\wbem\wmiprvse.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                   0000000076ec2a80 5 bytes JMP 0000000100070420
.text  C:\Windows\system32\wbem\wmiprvse.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                    0000000076ec2a90 5 bytes JMP 0000000100070430
.text  C:\Windows\system32\wbem\wmiprvse.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                               0000000076ec2aa0 5 bytes JMP 0000000100070220
.text  C:\Windows\system32\wbem\wmiprvse.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                       0000000076ec2b80 5 bytes JMP 0000000100070280
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                   0000000076ec1360 5 bytes JMP 0000000077020460
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                            0000000076ec13b0 5 bytes JMP 0000000077020450
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                            0000000076ec1510 5 bytes JMP 0000000077020370
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                 0000000076ec1560 5 bytes JMP 0000000077020470
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                       0000000076ec1570 5 bytes JMP 00000000770203e0
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                            0000000076ec1620 5 bytes JMP 0000000077020320
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                     0000000076ec1650 5 bytes JMP 00000000770203b0
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                        0000000076ec1670 5 bytes JMP 0000000077020390
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                              0000000076ec16b0 5 bytes JMP 00000000770202e0
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                            0000000076ec1730 5 bytes JMP 00000000770202d0
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                          0000000076ec1750 5 bytes JMP 0000000077020310
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                           0000000076ec1790 5 bytes JMP 00000000770203c0
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                        0000000076ec17e0 5 bytes JMP 00000000770203f0
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                           0000000076ec1940 5 bytes JMP 0000000077020230
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                0000000076ec1b00 5 bytes JMP 0000000077020480
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                               0000000076ec1b30 5 bytes JMP 00000000770203a0
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                        0000000076ec1c10 5 bytes JMP 00000000770202f0
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                     0000000076ec1c20 5 bytes JMP 0000000077020350
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                           0000000076ec1c80 5 bytes JMP 0000000077020290
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                        0000000076ec1d10 5 bytes JMP 00000000770202b0
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                         0000000076ec1d30 5 bytes JMP 00000000770203d0
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                            0000000076ec1d40 5 bytes JMP 0000000077020330
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                     0000000076ec1db0 5 bytes JMP 0000000077020410
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                        0000000076ec1de0 5 bytes JMP 0000000077020240
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                             0000000076ec20a0 5 bytes JMP 00000000770201e0
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                        0000000076ec2160 5 bytes JMP 0000000077020250
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                        0000000076ec2190 5 bytes JMP 0000000077020490
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                               0000000076ec21a0 5 bytes JMP 00000000770204a0
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                          0000000076ec21d0 5 bytes JMP 0000000077020300
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                       0000000076ec21e0 5 bytes JMP 0000000077020360
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                             0000000076ec2240 5 bytes JMP 00000000770202a0
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                          0000000076ec2290 5 bytes JMP 00000000770202c0
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                             0000000076ec22c0 5 bytes JMP 0000000077020380
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                              0000000076ec22d0 5 bytes JMP 0000000077020340
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                       0000000076ec25c0 5 bytes JMP 0000000077020440
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                      0000000076ec27c0 5 bytes JMP 0000000077020260
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                         0000000076ec27d0 5 bytes JMP 0000000077020270
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                       0000000076ec27e0 5 bytes JMP 0000000077020400
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                   0000000076ec29a0 5 bytes JMP 00000000770201f0
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                    0000000076ec29b0 5 bytes JMP 0000000077020210
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                         0000000076ec2a20 5 bytes JMP 0000000077020200
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                         0000000076ec2a80 5 bytes JMP 0000000077020420
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                          0000000076ec2a90 5 bytes JMP 0000000077020430
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                     0000000076ec2aa0 5 bytes JMP 0000000077020220
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                             0000000076ec2b80 5 bytes JMP 0000000077020280
.text  C:\Windows\System32\svchost.exe[2344] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                  0000000076daef8d 1 byte [62]
.text  C:\Users\Cronix\Desktop\Tools\Gmer-19357.exe[4948] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                     00000000750ba2fd 1 byte [62]

---- EOF - GMER 2.1 ----
         

12.09.2014, 10:55   #8
schrauber
/// the machine
/// TB Instructor
 




Hi,

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

12.09.2014, 16:53   #9
V0rt3X
 



Code:
ComboFix 14-09-12.01 - Cronix 12.09.2014  17:41:15.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2618 [GMT 2:00]
ausgeführt von:: c:\users\Cronix\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\dzdo@fxhb.net
c:\users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\dzdo@fxhb.net\bootstrap.js
c:\users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\dzdo@fxhb.net\chrome.manifest
c:\users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\dzdo@fxhb.net\content\zy.xul
c:\users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\dzdo@fxhb.net\install.rdf
c:\users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\rdveyy@tau.com
c:\users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\rdveyy@tau.com\bootstrap.js
c:\users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\rdveyy@tau.com\chrome.manifest
c:\users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\rdveyy@tau.com\content\zy.xul
c:\users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\rdveyy@tau.com\install.rdf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-08-12 bis 2014-09-12  ))))))))))))))))))))))))))))))
.
.
2014-09-12 15:46 . 2014-09-12 15:46	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-09-12 15:46 . 2014-09-12 15:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-09-12 15:43 . 2014-09-12 15:43	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{10B79095-0DCD-4A94-83F4-DB67CB67521F}\offreg.dll
2014-09-11 15:11 . 2014-09-11 15:12	--------	d-----w-	C:\FRST
2014-09-10 21:11 . 2014-09-11 01:44	--------	d-----w-	c:\windows\rescache
2014-09-10 19:34 . 2014-06-27 02:08	2777088	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2014-09-10 19:34 . 2014-06-27 01:45	2285056	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-09 18:28 . 2014-08-01 11:53	1031168	----a-w-	c:\windows\system32\TSWorkspace.dll
2014-09-09 18:28 . 2014-08-01 11:35	793600	----a-w-	c:\windows\SysWow64\TSWorkspace.dll
2014-09-09 18:23 . 2014-06-24 03:29	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2014-09-09 18:23 . 2014-06-24 02:59	1987584	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2014-09-09 18:17 . 2014-07-07 02:06	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-09-09 18:17 . 2014-07-07 02:06	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-09-09 18:17 . 2014-07-07 01:40	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-09-09 18:17 . 2014-07-07 01:40	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-09-09 18:17 . 2014-07-07 01:39	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-09-09 18:17 . 2014-09-05 02:10	578048	----a-w-	c:\windows\system32\aepdu.dll
2014-09-09 18:17 . 2014-09-05 02:05	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-09-09 18:14 . 2014-08-21 03:43	11319192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{10B79095-0DCD-4A94-83F4-DB67CB67521F}\mpengine.dll
2014-09-06 07:03 . 2014-09-11 01:08	--------	d-----w-	c:\program files (x86)\globalUpdate
2014-09-06 07:03 . 2014-09-06 07:03	--------	d-----w-	c:\users\Cronix\AppData\Local\globalUpdate
2014-09-06 07:03 . 2014-09-09 17:51	--------	d-----w-	c:\program files (x86)\Browsers Apps -
2014-09-06 07:01 . 2014-09-06 07:02	--------	d-----w-	c:\programdata\IePluginServices
2014-09-06 07:01 . 2014-09-09 18:01	--------	d-----w-	c:\programdata\WindowsMangerProtect
2014-09-06 07:01 . 2014-09-06 07:02	--------	d-----w-	c:\program files (x86)\SupTab
2014-08-27 19:41 . 2014-08-23 02:07	404480	----a-w-	c:\windows\system32\gdi32.dll
2014-08-27 19:41 . 2014-08-23 01:45	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2014-08-27 19:41 . 2014-08-23 00:59	3163648	----a-w-	c:\windows\system32\win32k.sys
2014-08-22 16:38 . 2014-08-22 16:38	--------	d-----w-	c:\users\Cronix\AppData\Local\Amazon Music
2014-08-18 18:53 . 2014-08-18 18:53	--------	d-----w-	c:\program files (x86)\Common Files\Java
2014-08-18 18:53 . 2014-08-18 18:53	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-14 19:35 . 2014-03-09 21:48	171160	----a-w-	c:\windows\system32\infocardapi.dll
2014-08-14 19:35 . 2014-03-09 21:48	1389208	----a-w-	c:\windows\system32\icardagt.exe
2014-08-14 19:35 . 2014-03-09 21:47	99480	----a-w-	c:\windows\SysWow64\infocardapi.dll
2014-08-14 19:35 . 2014-03-09 21:47	619672	----a-w-	c:\windows\SysWow64\icardagt.exe
2014-08-14 19:35 . 2014-06-30 22:24	8856	----a-w-	c:\windows\system32\icardres.dll
2014-08-14 19:35 . 2014-06-30 22:14	8856	----a-w-	c:\windows\SysWow64\icardres.dll
2014-08-14 19:35 . 2014-06-06 06:16	35480	----a-w-	c:\windows\SysWow64\TsWpfWrp.exe
2014-08-14 19:35 . 2014-06-06 06:12	35480	----a-w-	c:\windows\system32\TsWpfWrp.exe
2014-08-14 19:32 . 2014-07-09 02:03	7168	----a-w-	c:\windows\system32\KBDTAT.DLL
2014-08-14 19:32 . 2014-07-09 02:03	7168	----a-w-	c:\windows\system32\KBDYAK.DLL
2014-08-14 19:32 . 2014-07-09 02:03	7168	----a-w-	c:\windows\system32\KBDRU1.DLL
2014-08-14 19:32 . 2014-07-09 02:03	6656	----a-w-	c:\windows\system32\KBDRU.DLL
2014-08-14 19:32 . 2014-07-09 02:03	7168	----a-w-	c:\windows\system32\KBDBASH.DLL
2014-08-14 19:32 . 2014-07-09 01:31	7168	----a-w-	c:\windows\SysWow64\KBDYAK.DLL
2014-08-14 19:32 . 2014-07-09 01:31	6656	----a-w-	c:\windows\SysWow64\KBDBASH.DLL
2014-08-14 19:27 . 2014-07-16 03:23	2048	----a-w-	c:\windows\system32\tzres.dll
2014-08-14 19:27 . 2014-07-16 02:46	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-08-14 19:27 . 2014-06-03 10:02	3241984	----a-w-	c:\windows\system32\msi.dll
2014-08-14 19:27 . 2014-06-03 10:02	1941504	----a-w-	c:\windows\system32\authui.dll
2014-08-14 19:27 . 2014-06-03 09:29	2363392	----a-w-	c:\windows\SysWow64\msi.dll
2014-08-14 19:27 . 2014-06-03 09:29	1805824	----a-w-	c:\windows\SysWow64\authui.dll
2014-08-14 19:27 . 2014-06-03 10:02	112064	----a-w-	c:\windows\system32\consent.exe
2014-08-14 19:27 . 2014-06-03 10:02	504320	----a-w-	c:\windows\system32\msihnd.dll
2014-08-14 19:27 . 2014-06-03 09:29	337408	----a-w-	c:\windows\SysWow64\msihnd.dll
2014-08-14 19:27 . 2014-06-16 02:10	985536	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2014-08-14 19:26 . 2014-06-25 02:05	14175744	----a-w-	c:\windows\system32\shell32.dll
2014-08-14 19:24 . 2014-07-14 02:02	1216000	----a-w-	c:\windows\system32\rpcrt4.dll
2014-08-14 19:24 . 2014-07-14 01:40	664064	----a-w-	c:\windows\SysWow64\rpcrt4.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-10 19:35 . 2012-11-08 23:22	101694776	----a-w-	c:\windows\system32\MRT.exe
2014-08-05 07:20 . 2012-12-30 14:56	270496	------w-	c:\windows\system32\MpSigStub.exe
2014-07-25 00:35 . 2014-07-25 00:35	875688	----a-w-	c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47	869544	----a-w-	c:\windows\system32\msvcr120_clr0400.dll
2014-07-09 17:00 . 2012-11-08 22:00	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 17:00 . 2012-11-08 22:00	699056	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-08 11:40 . 2012-12-06 15:02	427360	----a-w-	c:\windows\system32\drivers\aswsp.sys
2014-07-08 11:40 . 2014-04-29 15:52	29208	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-07-08 11:40 . 2014-01-09 16:02	92008	----a-w-	c:\windows\system32\drivers\aswstm.sys
2014-07-08 11:40 . 2013-04-02 16:31	224896	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-07-08 11:40 . 2013-04-02 16:31	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-07-08 11:40 . 2012-12-06 15:02	93568	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-07-08 11:40 . 2012-12-06 15:02	1041168	----a-w-	c:\windows\system32\drivers\aswsnx.sys
2014-07-08 11:40 . 2012-12-06 15:02	79184	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-07-08 11:40 . 2012-12-06 15:02	307344	----a-w-	c:\windows\system32\aswBoot.exe
2014-07-08 11:40 . 2014-07-08 11:40	43152	----a-w-	c:\windows\avastSS.scr
2014-06-18 02:18 . 2014-07-18 16:32	692736	----a-w-	c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-18 16:32	646144	----a-w-	c:\windows\SysWow64\osk.exe
2009-09-27 07:39	369152	--sh--w-	c:\windows\SysWOW64\avisynth.dll
2005-07-14 10:31	32256	--sh--w-	c:\windows\SysWOW64\AVSredirect.dll
2004-02-22 08:11	719872	--sh--w-	c:\windows\SysWOW64\devil.dll
2006-05-03 09:06	163328	--sha-r-	c:\windows\SysWOW64\flvDX.dll
2004-01-24 22:00	70656	--sh--w-	c:\windows\SysWOW64\i420vfw.dll
2007-02-21 10:47	31232	--sha-r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30	216064	--sha-r-	c:\windows\SysWOW64\nbDX.dll
2011-02-11 09:26	112128	--sha-r-	c:\windows\SysWOW64\OptimFROG.dll
2010-01-06 22:00	107520	--sha-r-	c:\windows\SysWOW64\TAKDSDecoder.dll
2012-10-05 17:54	188416	--sha-r-	c:\windows\SysWOW64\winDCE32.dll
2004-01-24 22:00	70656	--sh--w-	c:\windows\SysWOW64\yv12vfw.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
2014-09-06 07:01	515464	----a-w-	c:\program files (x86)\SupTab\SupTab.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="d:\programme\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"AvastUI.exe"="d:\programme\Avast\AvastUI.exe" [2014-08-02 4085896]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0sdnclean64.exe
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IePluginServices;IePlugin Services;c:\programdata\IePluginServices\PluginService.exe;c:\programdata\IePluginServices\PluginService.exe [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-08 17:00]
.
2014-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1561155398-30386077-217878308-1001Core.job
- c:\users\Cronix\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-02 18:15]
.
2014-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1561155398-30386077-217878308-1001UA.job
- c:\users\Cronix\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-02 18:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-08 11:40	634872	----a-w-	d:\programme\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 291944]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 2419512]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-07-24 6900024]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C
mDefault_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms}
mDefault_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C
mStart Page = hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms}
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: DhcpNameServer = 192.168.72.40
FF - ProfilePath - c:\users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.pu-results.info/?pid=726&r=2013/04/02&hid=258517195&lg=EN&cc=DE&l=1&q=
FF - prefs.js: browser.search.selectedEngine - istartsurf
FF - prefs.js: browser.startup.homepage - hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C
FF - prefs.js: keyword.URL - hxxp://websearch.pu-results.info/?pid=726&r=2013/04/02&hid=258517195&lg=EN&cc=DE&l=1&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{0723E272-F87E-16C9-AA14-EE337D5EDFF3} - c:\progra~4\INSTAL~1\{9870F~1\Setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1561155398-30386077-217878308-1001\Software\SecuROM\License information*]
"datasecu"=hex:ae,dd,17,2d,c1,9f,5e,47,e6,73,0f,c1,3a,c3,7c,61,d2,22,07,dc,9c,
   da,8e,a5,a3,1b,dd,70,d4,c7,78,28,2d,cd,13,76,49,e2,83,7d,3f,36,bc,2b,f7,72,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-09-12  17:48:38
ComboFix-quarantined-files.txt  2014-09-12 15:48
.
Vor Suchlauf: 4.795.072.512 Bytes frei
Nach Suchlauf: 7.801.458.688 Bytes frei
.
- - End Of File - - 76F6EA7E72F8A303C8946E5600CB5EA1
A36C5E4F47E84449FF07ED3517B43A31
         

13.09.2014, 15:16   #10
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan, and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file to the desktop as mbam.txt. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista or later, please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

13.09.2014, 16:04   #11
V0rt3X
 



Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 13.09.2014
Suchlauf-Zeit: 16:41:49
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.13.02
Rootkit Datenbank: v2014.09.12.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Cronix

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 353698
Verstrichene Zeit: 7 Min, 0 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 4
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, 1820, Löschen bei Neustart, [72b4e9044734c96de8140461a55c04fc]
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\HpUI.exe, 1872, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808]
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader32.exe, 2056, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808]
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader64.exe, 1700, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808]

Module: 15
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 

Registrierungsschlüssel: 29
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices, In Quarantäne, [72b4e9044734c96de8140461a55c04fc], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [66c09d50aad12a0c5852a7e020e20ff1], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [66c09d50aad12a0c5852a7e020e20ff1], 
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], 
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], 
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], 
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], 
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], 
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd.1, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], 
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], 
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], 
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd.1, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], 
PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}, In Quarantäne, [3de907e68af1a1956b2ee5d70cf60af6], 
PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{DF84E609-C3A4-49CB-A160-61767DAF8899}, In Quarantäne, [3de907e68af1a1956b2ee5d70cf60af6], 
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [43e3ba337a01fb3b225ba2b063a19a66], 
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware, In Quarantäne, [3aecb7361368a492eb89ac5634cf966a], 
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [a185836ab7c42313678beb7b09fb25db], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, In Quarantäne, [c363ca23532840f6258ca15f798a768a], 
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [ad799657c0bbf14594e9282a966e27d9], 
PUP.Optional.FastSearchings, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, In Quarantäne, [ce5848a5d3a8b680c9db640439cb2bd5], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP, In Quarantäne, [7bab36b73c3f9c9a3a43a65aa55ef10f], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [fb2b3db0b4c7a492634d9b65eb188977], 
PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\RegClean Pro, In Quarantäne, [11157776324973c38e4e9179aa5932ce], 
PUP.Optional.BrowsersApp.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Browsers Apps -, In Quarantäne, [ee38ae3f3d3edf57a0a8788d33d033cd], 
PUP.Optional.WebSearches.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, In Quarantäne, [d353a04d4734ef473f2f1ce657ac39c7], 
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, In Quarantäne, [0a1c8667007b8ea8c92731cab05206fa], 
PUP.Optional.Qone8, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [9c8a18d54833c57133499ab85fa5f709], 
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, In Quarantäne, [1412e5087209c86efd0c173ec63ef60a], 
PUP.Optional.FastStart.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [96909b52007bf0467e235ba2a45e0000], 

Registrierungswerte: 4
PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com, In Quarantäne, [c660668787f4c571ff0b8bdb42c249b7]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP|dir, C:\Program Files (x86)\SupTab, In Quarantäne, [7bab36b73c3f9c9a3a43a65aa55ef10f]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, tugs, In Quarantäne, [fb2b3db0b4c7a492634d9b65eb188977]
PUP.Optional.FastStart.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, In Quarantäne, [96909b52007bf0467e235ba2a45e0000]

Registrierungsdaten: 9
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, D:\Programme\Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (firefox.exe), Schlecht: (D:\Programme\Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[d155f9f4cead6fc72c0db43d9b6931cf]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[32f449a46a11db5b56dcca2735cf13ed]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[161040ade992f73fc4876e8e996b966a]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, D:\Programme\Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (firefox.exe), Schlecht: (D:\Programme\Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[32f4d71614675fd7ab8e10e12ed60df3]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms}),Ersetzt,[05217f6e69123cfa052bb73a758f37c9]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[0a1c24c99ddec86e5dd11fd240c4e51b]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[cc5ae805e992ee488da51ed321e322de]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[a08624c9daa11f177ccf5aa236cefa06]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[ac7aeb025229211580b3e60baa5a20e0]

Ordner: 66
PUP.Optional.SoftwareUpdater.A, C:\Users\Cronix\AppData\Local\SwvUpdater, In Quarantäne, [70b62ac33b405dd99b1f18f0df2446ba], 
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, Löschen bei Neustart, [dc4a2fbe344700367c38a0450bf711ef], 
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, In Quarantäne, [dc4a2fbe344700367c38a0450bf711ef], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\lib, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\pack, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\en, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\en-US, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\es, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\es-419, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\it, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\it-CH, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\pl, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\ru, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\tr, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\vi, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\defaults, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\defaults\preferences, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, In Quarantäne, [ad799b52c6b51e182afa1eca9d65eb15], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log, In Quarantäne, [ad799b52c6b51e182afa1eca9d65eb15], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [ad799b52c6b51e182afa1eca9d65eb15], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.BrowsersApp.A, C:\Program Files (x86)\Browsers Apps -, In Quarantäne, [78ae9c51156639fd971c737c20e215eb], 

Dateien: 141
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, Löschen bei Neustart, [72b4e9044734c96de8140461a55c04fc], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, In Quarantäne, [66c09d50aad12a0c5852a7e020e20ff1], 
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, In Quarantäne, [1d095994d9a22b0b1a5ab2e340c1b44c], 
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, In Quarantäne, [4bdbc4291269082e6b09a7ee847d7090], 
PUP.Optional.IEPluginService.A, C:\Program Files (x86)\SupTab\RSHP.exe, In Quarantäne, [82a431bcc7b4e056e4bd0177758c3cc4], 
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, In Quarantäne, [35f1f3fa6516f24471036134e21fa957], 
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, In Quarantäne, [64c26d805c1f58de650f5342a1607c84], 
PUP.Optional.IePluginService.A, C:\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe, In Quarantäne, [cc5a09e4ccafa88ede1ea3c2d9284bb5], 
PUP.Optional.InstallCore, C:\Users\Cronix\Downloads\updatestardriverslb_DE.exe, In Quarantäne, [71b529c4d6a5999dd6ed9645d62e04fc], 
PUP.Optional.SoftwareUpdater.A, C:\Users\Cronix\AppData\Local\SwvUpdater\Updater.xml, In Quarantäne, [70b62ac33b405dd99b1f18f0df2446ba], 
PUP.Optional.SoftwareUpdater.A, C:\Users\Cronix\AppData\Local\SwvUpdater\status.cfg, In Quarantäne, [70b62ac33b405dd99b1f18f0df2446ba], 
PUP.Optional.SelectNGo.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, Löschen bei Neustart, [6abc925b5724dc5a2b16cf4690735da3], 
PUP.Optional.SelectNGo.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal, Löschen bei Neustart, [e541effef18a9c9a58e9cb4aa55e4db3], 
PUP.Optional.LiveLyrics.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage, In Quarantäne, [31f589646a1169cd118091859d66f60a], 
PUP.Optional.LiveLyrics.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal, In Quarantäne, [83a3a944631879bdf69ba76fe221867a], 
PUP.Optional.Superfish.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Löschen bei Neustart, [d94d38b50e6dac8afa9af8200cf7ff01], 
PUP.Optional.Superfish.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, In Quarantäne, [35f1a24b0774ca6ccdc7b662976cca36], 
PUP.Optional.WebSearch.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\searchplugins\WebSearch.xml, In Quarantäne, [ae7800ed9cdf3ff708ab7da94bb86b95], 
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, In Quarantäne, [dc4a2fbe344700367c38a0450bf711ef], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome.manifest, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\install.rdf, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\index.html, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\quick_start.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\speed_dial.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools\about_blank_hook.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools\misc.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools\popup_image_helper.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools\urlrequestor.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\js.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\lib\doT.min.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module\hotSearch.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module\mostgrid.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module\search.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module\stat.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\pack\common.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\pack\ga.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\pack\xagainit.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\en\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\en-US\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\es\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\es-419\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\it\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\it-CH\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\pl\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\ru\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\tr\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\vi\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\default_logo.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\googlelogo.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\google_trends.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\icon.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\loading.gif, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\logo.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\newtab.ico, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\simple.css, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\style.css, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\defaults\preferences\fvd.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\defaults\preferences\preferences.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\addonmanager.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\aes.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\config.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\dialogs.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\last_tab.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\misc.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\properties.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\remoterequest.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\restoreprefs.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\settings.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-09-06[09-01-40-352].log, In Quarantäne, [ad799b52c6b51e182afa1eca9d65eb15], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\HpUI.exe, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader32.exe, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader64.exe, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\bk_shadow.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\btn.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\close.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml.bak, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_box.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_check.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_bk.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_check.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit-ie8.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit2.0.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.BrowsersApp.A, C:\Program Files (x86)\Browsers Apps -\Uninstall.exe, In Quarantäne, [78ae9c51156639fd971c737c20e215eb], 
PUP.Optional.IStartSurf.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C");), Ersetzt,[32f4727b3f3c033383532b02a2636f91]
PUP.Optional.IStartSurf.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www.istartsurf.com/newtab/?type=nt&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C");), Ersetzt,[0f172cc14f2c7fb743942a039c69669a]

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Code:
# AdwCleaner v3.310 - Bericht erstellt am 13/09/2014 um 16:59:17
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Cronix - REAVOR
# Gestartet von : C:\Users\Cronix\Downloads\adwcleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\adawaretb
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Users\Cronix\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Cronix\AppData\LocalLow\adawaretb
Ordner Gelöscht : C:\Users\Cronix\AppData\Roaming\Betcat
Ordner Gelöscht : C:\Users\Cronix\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\adawaretb
Datei Gelöscht : C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
Datei Gelöscht : C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\adawaretb
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\SP Global
Schlüssel Gelöscht : HKLM\SOFTWARE\SProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v16.0.2 (de)

[ Datei : C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "istartsurf");
Zeile gelöscht : user_pref("browser.search.defaultenginename,S", "WebSearch");
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://websearch.pu-results.info/?pid=726&r=2013/04/02&hid=258517195&lg=EN&cc=DE&l=1&q=");
Zeile gelöscht : user_pref("browser.search.order.1", "WebSearch");
Zeile gelöscht : user_pref("browser.search.order.1,S", "WebSearch");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "istartsurf");
Zeile gelöscht : user_pref("browser.search.selectedEngine,S", "WebSearch");
Zeile gelöscht : user_pref("extensions.515b0ac07507c.scode", "objec2string=function(b){return\"{\"+function(b){var e=[],c,f;for(f in b)b.hasOwnProperty(f)&&(c=b[f],e[e.length]=c&&\"object\"==typeof c?f+\":{ \"+argumen[...]
Zeile gelöscht : user_pref("keyword.URL", "hxxp://websearch.pu-results.info/?pid=726&r=2013/04/02&hid=258517195&lg=EN&cc=DE&l=1&q=");

-\\ Google Chrome v

[ Datei : C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5099 octets] - [13/09/2014 16:56:25]
AdwCleaner[S0].txt - [4752 octets] - [13/09/2014 16:59:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4812 octets] ##########
         
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 13.09.2014
Suchlauf-Zeit: 16:41:49
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.13.02
Rootkit Datenbank: v2014.09.12.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Cronix

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 353698
Verstrichene Zeit: 7 Min, 0 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 4
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, 1820, Löschen bei Neustart, [72b4e9044734c96de8140461a55c04fc]
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\HpUI.exe, 1872, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808]
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader32.exe, 2056, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808]
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader64.exe, 1700, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808]

Module: 15
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 

Registrierungsschlüssel: 29
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices, In Quarantäne, [72b4e9044734c96de8140461a55c04fc], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [66c09d50aad12a0c5852a7e020e20ff1], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [66c09d50aad12a0c5852a7e020e20ff1], 
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], 
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], 
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], 
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], 
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], 
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd.1, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], 
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], 
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], 
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd.1, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], 
PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}, In Quarantäne, [3de907e68af1a1956b2ee5d70cf60af6], 
PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{DF84E609-C3A4-49CB-A160-61767DAF8899}, In Quarantäne, [3de907e68af1a1956b2ee5d70cf60af6], 
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [43e3ba337a01fb3b225ba2b063a19a66], 
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware, In Quarantäne, [3aecb7361368a492eb89ac5634cf966a], 
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [a185836ab7c42313678beb7b09fb25db], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, In Quarantäne, [c363ca23532840f6258ca15f798a768a], 
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [ad799657c0bbf14594e9282a966e27d9], 
PUP.Optional.FastSearchings, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, In Quarantäne, [ce5848a5d3a8b680c9db640439cb2bd5], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP, In Quarantäne, [7bab36b73c3f9c9a3a43a65aa55ef10f], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [fb2b3db0b4c7a492634d9b65eb188977], 
PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\RegClean Pro, In Quarantäne, [11157776324973c38e4e9179aa5932ce], 
PUP.Optional.BrowsersApp.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Browsers Apps -, In Quarantäne, [ee38ae3f3d3edf57a0a8788d33d033cd], 
PUP.Optional.WebSearches.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, In Quarantäne, [d353a04d4734ef473f2f1ce657ac39c7], 
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, In Quarantäne, [0a1c8667007b8ea8c92731cab05206fa], 
PUP.Optional.Qone8, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [9c8a18d54833c57133499ab85fa5f709], 
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, In Quarantäne, [1412e5087209c86efd0c173ec63ef60a], 
PUP.Optional.FastStart.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [96909b52007bf0467e235ba2a45e0000], 

Registrierungswerte: 4
PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com, In Quarantäne, [c660668787f4c571ff0b8bdb42c249b7]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP|dir, C:\Program Files (x86)\SupTab, In Quarantäne, [7bab36b73c3f9c9a3a43a65aa55ef10f]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, tugs, In Quarantäne, [fb2b3db0b4c7a492634d9b65eb188977]
PUP.Optional.FastStart.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, In Quarantäne, [96909b52007bf0467e235ba2a45e0000]

Registrierungsdaten: 9
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, D:\Programme\Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (firefox.exe), Schlecht: (D:\Programme\Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[d155f9f4cead6fc72c0db43d9b6931cf]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[32f449a46a11db5b56dcca2735cf13ed]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[161040ade992f73fc4876e8e996b966a]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, D:\Programme\Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (firefox.exe), Schlecht: (D:\Programme\Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[32f4d71614675fd7ab8e10e12ed60df3]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms}),Ersetzt,[05217f6e69123cfa052bb73a758f37c9]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[0a1c24c99ddec86e5dd11fd240c4e51b]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[cc5ae805e992ee488da51ed321e322de]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[a08624c9daa11f177ccf5aa236cefa06]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[ac7aeb025229211580b3e60baa5a20e0]

Ordner: 66
PUP.Optional.SoftwareUpdater.A, C:\Users\Cronix\AppData\Local\SwvUpdater, In Quarantäne, [70b62ac33b405dd99b1f18f0df2446ba], 
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, Löschen bei Neustart, [dc4a2fbe344700367c38a0450bf711ef], 
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, In Quarantäne, [dc4a2fbe344700367c38a0450bf711ef], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\lib, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\pack, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\en, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\en-US, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\es, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\es-419, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\it, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\it-CH, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\pl, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\ru, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\tr, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\vi, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\defaults, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\defaults\preferences, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, In Quarantäne, [ad799b52c6b51e182afa1eca9d65eb15], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log, In Quarantäne, [ad799b52c6b51e182afa1eca9d65eb15], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [ad799b52c6b51e182afa1eca9d65eb15], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.BrowsersApp.A, C:\Program Files (x86)\Browsers Apps -, In Quarantäne, [78ae9c51156639fd971c737c20e215eb], 

Dateien: 141
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, Löschen bei Neustart, [72b4e9044734c96de8140461a55c04fc], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, In Quarantäne, [66c09d50aad12a0c5852a7e020e20ff1], 
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, In Quarantäne, [1d095994d9a22b0b1a5ab2e340c1b44c], 
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, In Quarantäne, [4bdbc4291269082e6b09a7ee847d7090], 
PUP.Optional.IEPluginService.A, C:\Program Files (x86)\SupTab\RSHP.exe, In Quarantäne, [82a431bcc7b4e056e4bd0177758c3cc4], 
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, In Quarantäne, [35f1f3fa6516f24471036134e21fa957], 
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, In Quarantäne, [64c26d805c1f58de650f5342a1607c84], 
PUP.Optional.IePluginService.A, C:\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe, In Quarantäne, [cc5a09e4ccafa88ede1ea3c2d9284bb5], 
PUP.Optional.InstallCore, C:\Users\Cronix\Downloads\updatestardriverslb_DE.exe, In Quarantäne, [71b529c4d6a5999dd6ed9645d62e04fc], 
PUP.Optional.SoftwareUpdater.A, C:\Users\Cronix\AppData\Local\SwvUpdater\Updater.xml, In Quarantäne, [70b62ac33b405dd99b1f18f0df2446ba], 
PUP.Optional.SoftwareUpdater.A, C:\Users\Cronix\AppData\Local\SwvUpdater\status.cfg, In Quarantäne, [70b62ac33b405dd99b1f18f0df2446ba], 
PUP.Optional.SelectNGo.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, Löschen bei Neustart, [6abc925b5724dc5a2b16cf4690735da3], 
PUP.Optional.SelectNGo.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal, Löschen bei Neustart, [e541effef18a9c9a58e9cb4aa55e4db3], 
PUP.Optional.LiveLyrics.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage, In Quarantäne, [31f589646a1169cd118091859d66f60a], 
PUP.Optional.LiveLyrics.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal, In Quarantäne, [83a3a944631879bdf69ba76fe221867a], 
PUP.Optional.Superfish.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Löschen bei Neustart, [d94d38b50e6dac8afa9af8200cf7ff01], 
PUP.Optional.Superfish.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, In Quarantäne, [35f1a24b0774ca6ccdc7b662976cca36], 
PUP.Optional.WebSearch.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\searchplugins\WebSearch.xml, In Quarantäne, [ae7800ed9cdf3ff708ab7da94bb86b95], 
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, In Quarantäne, [dc4a2fbe344700367c38a0450bf711ef], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome.manifest, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\install.rdf, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\index.html, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\quick_start.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\speed_dial.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools\about_blank_hook.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools\misc.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools\popup_image_helper.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools\urlrequestor.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\js.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\lib\doT.min.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module\hotSearch.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module\mostgrid.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module\search.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module\stat.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\pack\common.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\pack\ga.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\pack\xagainit.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\en\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\en-US\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\es\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\es-419\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\it\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\it-CH\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\pl\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\ru\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\tr\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\vi\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\default_logo.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\googlelogo.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\google_trends.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\icon.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\loading.gif, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\logo.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\newtab.ico, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\simple.css, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\style.css, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\defaults\preferences\fvd.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\defaults\preferences\preferences.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\addonmanager.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\aes.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\config.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\dialogs.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\last_tab.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\misc.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\properties.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\remoterequest.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\restoreprefs.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\settings.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-09-06[09-01-40-352].log, In Quarantäne, [ad799b52c6b51e182afa1eca9d65eb15], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\HpUI.exe, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader32.exe, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader64.exe, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\bk_shadow.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\btn.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\close.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml.bak, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_box.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_check.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_bk.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_check.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit-ie8.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit2.0.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.BrowsersApp.A, C:\Program Files (x86)\Browsers Apps -\Uninstall.exe, In Quarantäne, [78ae9c51156639fd971c737c20e215eb], 
PUP.Optional.IStartSurf.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C");), Ersetzt,[32f4727b3f3c033383532b02a2636f91]
PUP.Optional.IStartSurf.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www.istartsurf.com/newtab/?type=nt&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C");), Ersetzt,[0f172cc14f2c7fb743942a039c69669a]

Physische Sektoren: 0
(No malicious items detected)


(end)
         

Alt 13.09.2014, 16:24   #12
V0rt3X
 

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 13.09.2014
Suchlauf-Zeit: 16:41:49
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.13.02
Rootkit Datenbank: v2014.09.12.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Cronix

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 353698
Verstrichene Zeit: 7 Min, 0 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 4
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, 1820, Löschen bei Neustart, [72b4e9044734c96de8140461a55c04fc]
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\HpUI.exe, 1872, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808]
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader32.exe, 2056, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808]
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader64.exe, 1700, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808]

Module: 15
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 

Registrierungsschlüssel: 29
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices, In Quarantäne, [72b4e9044734c96de8140461a55c04fc], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [66c09d50aad12a0c5852a7e020e20ff1], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [66c09d50aad12a0c5852a7e020e20ff1], 
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], 
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], 
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], 
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], 
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], 
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd.1, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], 
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], 
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], 
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd.1, In Quarantäne, [43e388656e0d82b4d775830c8c76a55b], 
PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}, In Quarantäne, [3de907e68af1a1956b2ee5d70cf60af6], 
PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{DF84E609-C3A4-49CB-A160-61767DAF8899}, In Quarantäne, [3de907e68af1a1956b2ee5d70cf60af6], 
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [43e3ba337a01fb3b225ba2b063a19a66], 
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware, In Quarantäne, [3aecb7361368a492eb89ac5634cf966a], 
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [a185836ab7c42313678beb7b09fb25db], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, In Quarantäne, [c363ca23532840f6258ca15f798a768a], 
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [ad799657c0bbf14594e9282a966e27d9], 
PUP.Optional.FastSearchings, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, In Quarantäne, [ce5848a5d3a8b680c9db640439cb2bd5], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP, In Quarantäne, [7bab36b73c3f9c9a3a43a65aa55ef10f], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [fb2b3db0b4c7a492634d9b65eb188977], 
PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\RegClean Pro, In Quarantäne, [11157776324973c38e4e9179aa5932ce], 
PUP.Optional.BrowsersApp.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Browsers Apps -, In Quarantäne, [ee38ae3f3d3edf57a0a8788d33d033cd], 
PUP.Optional.WebSearches.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, In Quarantäne, [d353a04d4734ef473f2f1ce657ac39c7], 
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, In Quarantäne, [0a1c8667007b8ea8c92731cab05206fa], 
PUP.Optional.Qone8, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [9c8a18d54833c57133499ab85fa5f709], 
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, In Quarantäne, [1412e5087209c86efd0c173ec63ef60a], 
PUP.Optional.FastStart.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [96909b52007bf0467e235ba2a45e0000], 

Registrierungswerte: 4
PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com, In Quarantäne, [c660668787f4c571ff0b8bdb42c249b7]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP|dir, C:\Program Files (x86)\SupTab, In Quarantäne, [7bab36b73c3f9c9a3a43a65aa55ef10f]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, tugs, In Quarantäne, [fb2b3db0b4c7a492634d9b65eb188977]
PUP.Optional.FastStart.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, In Quarantäne, [96909b52007bf0467e235ba2a45e0000]

Registrierungsdaten: 9
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, D:\Programme\Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (firefox.exe), Schlecht: (D:\Programme\Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[d155f9f4cead6fc72c0db43d9b6931cf]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[32f449a46a11db5b56dcca2735cf13ed]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[161040ade992f73fc4876e8e996b966a]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, D:\Programme\Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (firefox.exe), Schlecht: (D:\Programme\Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[32f4d71614675fd7ab8e10e12ed60df3]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C&q={searchTerms}),Ersetzt,[05217f6e69123cfa052bb73a758f37c9]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[0a1c24c99ddec86e5dd11fd240c4e51b]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[cc5ae805e992ee488da51ed321e322de]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[a08624c9daa11f177ccf5aa236cefa06]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-1561155398-30386077-217878308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C),Ersetzt,[ac7aeb025229211580b3e60baa5a20e0]

Ordner: 66
PUP.Optional.SoftwareUpdater.A, C:\Users\Cronix\AppData\Local\SwvUpdater, In Quarantäne, [70b62ac33b405dd99b1f18f0df2446ba], 
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, Löschen bei Neustart, [dc4a2fbe344700367c38a0450bf711ef], 
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, In Quarantäne, [dc4a2fbe344700367c38a0450bf711ef], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\lib, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\pack, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\en, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\en-US, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\es, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\es-419, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\it, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\it-CH, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\pl, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\ru, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\tr, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\vi, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\defaults, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\defaults\preferences, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, In Quarantäne, [ad799b52c6b51e182afa1eca9d65eb15], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log, In Quarantäne, [ad799b52c6b51e182afa1eca9d65eb15], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [ad799b52c6b51e182afa1eca9d65eb15], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.BrowsersApp.A, C:\Program Files (x86)\Browsers Apps -, In Quarantäne, [78ae9c51156639fd971c737c20e215eb], 

Dateien: 141
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, Löschen bei Neustart, [72b4e9044734c96de8140461a55c04fc], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, In Quarantäne, [66c09d50aad12a0c5852a7e020e20ff1], 
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, In Quarantäne, [1d095994d9a22b0b1a5ab2e340c1b44c], 
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, In Quarantäne, [4bdbc4291269082e6b09a7ee847d7090], 
PUP.Optional.IEPluginService.A, C:\Program Files (x86)\SupTab\RSHP.exe, In Quarantäne, [82a431bcc7b4e056e4bd0177758c3cc4], 
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, In Quarantäne, [35f1f3fa6516f24471036134e21fa957], 
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, In Quarantäne, [64c26d805c1f58de650f5342a1607c84], 
PUP.Optional.IePluginService.A, C:\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe, In Quarantäne, [cc5a09e4ccafa88ede1ea3c2d9284bb5], 
PUP.Optional.InstallCore, C:\Users\Cronix\Downloads\updatestardriverslb_DE.exe, In Quarantäne, [71b529c4d6a5999dd6ed9645d62e04fc], 
PUP.Optional.SoftwareUpdater.A, C:\Users\Cronix\AppData\Local\SwvUpdater\Updater.xml, In Quarantäne, [70b62ac33b405dd99b1f18f0df2446ba], 
PUP.Optional.SoftwareUpdater.A, C:\Users\Cronix\AppData\Local\SwvUpdater\status.cfg, In Quarantäne, [70b62ac33b405dd99b1f18f0df2446ba], 
PUP.Optional.SelectNGo.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, Löschen bei Neustart, [6abc925b5724dc5a2b16cf4690735da3], 
PUP.Optional.SelectNGo.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal, Löschen bei Neustart, [e541effef18a9c9a58e9cb4aa55e4db3], 
PUP.Optional.LiveLyrics.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage, In Quarantäne, [31f589646a1169cd118091859d66f60a], 
PUP.Optional.LiveLyrics.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal, In Quarantäne, [83a3a944631879bdf69ba76fe221867a], 
PUP.Optional.Superfish.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Löschen bei Neustart, [d94d38b50e6dac8afa9af8200cf7ff01], 
PUP.Optional.Superfish.A, C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, In Quarantäne, [35f1a24b0774ca6ccdc7b662976cca36], 
PUP.Optional.WebSearch.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\searchplugins\WebSearch.xml, In Quarantäne, [ae7800ed9cdf3ff708ab7da94bb86b95], 
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, In Quarantäne, [dc4a2fbe344700367c38a0450bf711ef], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome.manifest, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\install.rdf, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\index.html, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\quick_start.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\speed_dial.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools\about_blank_hook.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools\misc.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools\popup_image_helper.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\include\tools\urlrequestor.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\js.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\lib\doT.min.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module\hotSearch.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module\mostgrid.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module\search.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\module\stat.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\pack\common.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\pack\ga.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\content\js\pack\xagainit.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\en\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\en-US\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\es\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\es-419\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\it\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\it-CH\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\pl\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\ru\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\tr\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\vi\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW\locale.properties, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\default_logo.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\googlelogo.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\google_trends.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\icon.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\loading.gif, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\logo.png, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\newtab.ico, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\simple.css, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\chrome\skin\style.css, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\defaults\preferences\fvd.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\defaults\preferences\preferences.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\addonmanager.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\aes.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\config.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\dialogs.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\last_tab.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\misc.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\properties.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\remoterequest.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\restoreprefs.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.FastStart.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com\modules\settings.js, In Quarantäne, [ce58d4191a61b3837a6ce105d52d3ec2], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-09-06[09-01-40-352].log, In Quarantäne, [ad799b52c6b51e182afa1eca9d65eb15], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\HpUI.exe, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader32.exe, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader64.exe, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll, Löschen bei Neustart, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\bk_shadow.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\btn.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\close.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml.bak, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_box.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_check.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_bk.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_check.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit-ie8.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit2.0.js, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [180e21ccc8b373c379c96b833fc3f808], 
PUP.Optional.BrowsersApp.A, C:\Program Files (x86)\Browsers Apps -\Uninstall.exe, In Quarantäne, [78ae9c51156639fd971c737c20e215eb], 
PUP.Optional.IStartSurf.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://www.istartsurf.com/?type=hp&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C");), Ersetzt,[32f4727b3f3c033383532b02a2636f91]
PUP.Optional.IStartSurf.A, C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www.istartsurf.com/newtab/?type=nt&ts=1409986809&from=tugs&uid=3219913727_67194_78710A4C");), Ersetzt,[0f172cc14f2c7fb743942a039c69669a]

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Code:
# AdwCleaner v3.310 - Bericht erstellt am 13/09/2014 um 16:59:17
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Cronix - REAVOR
# Gestartet von : C:\Users\Cronix\Downloads\adwcleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\adawaretb
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Users\Cronix\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Cronix\AppData\LocalLow\adawaretb
Ordner Gelöscht : C:\Users\Cronix\AppData\Roaming\Betcat
Ordner Gelöscht : C:\Users\Cronix\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\adawaretb
Datei Gelöscht : C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
Datei Gelöscht : C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\adawaretb
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\SP Global
Schlüssel Gelöscht : HKLM\SOFTWARE\SProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v16.0.2 (de)

[ Datei : C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "istartsurf");
Zeile gelöscht : user_pref("browser.search.defaultenginename,S", "WebSearch");
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://websearch.pu-results.info/?pid=726&r=2013/04/02&hid=258517195&lg=EN&cc=DE&l=1&q=");
Zeile gelöscht : user_pref("browser.search.order.1", "WebSearch");
Zeile gelöscht : user_pref("browser.search.order.1,S", "WebSearch");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "istartsurf");
Zeile gelöscht : user_pref("browser.search.selectedEngine,S", "WebSearch");
Zeile gelöscht : user_pref("extensions.515b0ac07507c.scode", "objec2string=function(b){return\"{\"+function(b){var e=[],c,f;for(f in b)b.hasOwnProperty(f)&&(c=b[f],e[e.length]=c&&\"object\"==typeof c?f+\":{ \"+argumen[...]
Zeile gelöscht : user_pref("keyword.URL", "hxxp://websearch.pu-results.info/?pid=726&r=2013/04/02&hid=258517195&lg=EN&cc=DE&l=1&q=");

-\\ Google Chrome v

[ Datei : C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5099 octets] - [13/09/2014 16:56:25]
AdwCleaner[S0].txt - [4752 octets] - [13/09/2014 16:59:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4812 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Cronix on 13.09.2014 at 17:12:37,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.09.2014 at 17:15:55,16
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Cronix (administrator) on REAVOR on 13-09-2014 17:23:10
Running from C:\Users\Cronix\Desktop\Tools
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) D:\Programme\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Malwarebytes Corporation) D:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) D:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Malwarebytes Corporation) D:\Programme\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Elaborate Bytes AG) D:\Programme\VirtualCloneDrive\VCDDaemon.exe
(AVAST Software) D:\Programme\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Users\Cronix\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cronix\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cronix\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cronix\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cronix\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NVRaidService] => C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [291944 2010-04-09] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [6900024 2012-07-24] (Logitech Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => D:\Programme\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AvastUI.exe] => D:\Programme\Avast\AvastUI.exe [4085896 2014-08-02] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Programme\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4AF9E940FBBDCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Programme\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Programme\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.72.40

FireFox:
========
FF ProfilePath: C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> D:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Cronix\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Cronix\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: {{EXT_NAME}} - C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\Extensions\jid1-sNL73VCI4UB0Fw@jetpack [2014-09-10]
FF Extension: Lavasoft Search Plugin - C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-04-02]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-11-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Programme\Avast\WebRep\FF
FF Extension: avast! Online Security - D:\Programme\Avast\WebRep\FF [2012-12-06]
FF Extension: No Name - C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\faststartff@gmail.com [Not Found]
FF Extension: No Name - C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\extensions\herman.thorne45@outlook.com [Not Found]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "https://www.google.de/webhp?sourceid=chrome-instant&rlz=1C1GTPM_deDE530DE530&ion=1&espv=2&ie=UTF-8"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Winamp Application Detector) - D:\Programme\Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CHR Plugin: (Google Update) - C:\Users\Cronix\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (VLC Web Plugin) - D:\Programme\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Profile: C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-02]
CHR Extension: (Google Drive) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-02]
CHR Extension: (Google-Suche) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-02]
CHR Extension: (Logitech SetPoint) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-04-02]
CHR Extension: (Cut the Rope) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2013-04-02]
CHR Extension: (Fruity Annie) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbacnfobpliffdmiickfhceamljbcnjf [2013-04-02]
CHR Extension: (lipakennkogpodadpikgipnogamhklmk) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipakennkogpodadpikgipnogamhklmk [2014-09-10]
CHR Extension: (Google Wallet) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Google Mail) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-02]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-11-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Programme\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; D:\Programme\Avast\AvastSvc.exe [50344 2014-07-08] (AVAST Software)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
R2 MBAMScheduler; D:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; D:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-08] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-04-02] (GFI Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [61088 2012-03-15] (SEIKO EPSON CORPORATION)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-13 17:15 - 2014-09-13 17:15 - 00000764 _____ () C:\Users\Cronix\Desktop\JRT.txt
2014-09-13 17:08 - 2014-09-13 17:08 - 00000000 ____D () C:\Windows\ERUNT
2014-09-13 16:56 - 2014-09-13 16:59 - 00000000 ____D () C:\AdwCleaner
2014-09-13 16:56 - 2014-09-13 16:56 - 01373475 _____ () C:\Users\Cronix\Downloads\adwcleaner_3.310.exe
2014-09-13 16:40 - 2014-09-13 17:12 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-13 16:40 - 2014-09-13 16:40 - 00000731 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-13 16:40 - 2014-09-13 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-13 16:40 - 2014-09-13 16:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-13 16:40 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-13 16:40 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-13 16:40 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-12 21:22 - 2014-09-12 21:22 - 00000000 ____D () C:\Users\Cronix\AppData\Roaming\dvdcss
2014-09-12 17:48 - 2014-09-12 17:48 - 00018061 _____ () C:\Users\Cronix\Desktop\ComboFix.txt
2014-09-12 17:39 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-12 17:39 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-12 17:39 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-12 17:39 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-12 17:39 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-12 17:39 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-12 17:39 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-12 17:39 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-12 17:37 - 2014-09-12 17:48 - 00000000 ____D () C:\Qoobox
2014-09-12 17:37 - 2014-09-12 17:47 - 00000000 ____D () C:\Windows\erdnt
2014-09-12 17:33 - 2014-09-12 17:35 - 05577449 ____R (Swearware) C:\Users\Cronix\Desktop\ComboFix.exe
2014-09-11 17:30 - 2014-09-11 17:31 - 01110476 _____ () C:\Users\Cronix\Downloads\7z920.exe
2014-09-11 17:11 - 2014-09-13 17:23 - 00000000 ____D () C:\FRST
2014-09-11 16:59 - 2014-09-13 17:23 - 00000000 ____D () C:\Users\Cronix\Desktop\Tools
2014-09-11 03:00 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 03:00 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 03:00 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 03:00 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 03:00 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 03:00 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 03:00 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 03:00 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 03:00 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 03:00 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 03:00 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 03:00 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 03:00 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 03:00 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 03:00 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 03:00 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 03:00 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 03:00 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 03:00 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 03:00 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 03:00 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 03:00 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 03:00 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 03:00 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 03:00 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 03:00 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 03:00 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 03:00 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 03:00 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 03:00 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 03:00 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 03:00 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 03:00 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 03:00 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 03:00 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 03:00 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 03:00 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 03:00 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 03:00 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 03:00 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 03:00 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 03:00 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 03:00 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 03:00 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 03:00 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 03:00 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 03:00 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 03:00 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 03:00 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 03:00 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 03:00 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 03:00 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 03:00 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 03:00 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 03:00 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 03:00 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 23:11 - 2014-09-11 03:44 - 00000000 ____D () C:\Windows\rescache
2014-09-10 21:34 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 21:34 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-09 20:28 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-09 20:28 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-09 20:25 - 2014-09-09 20:25 - 00000000 ____D () C:\Users\Cronix\Downloads\06.09.2014 Muna Party 1
2014-09-09 20:23 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-09 20:23 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-09 20:17 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-09 20:17 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-09 20:17 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-09 20:17 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-09 20:17 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-09 20:17 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-09 20:17 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-09 20:06 - 2014-09-09 20:06 - 00000000 ____D () C:\Users\Cronix\Downloads\06.09.2014 Muna Party 2
2014-09-09 19:52 - 2014-09-09 19:52 - 00003148 _____ () C:\Windows\System32\Tasks\{38F96F6E-C465-43B4-9558-C378A02AFAFE}
2014-09-06 09:01 - 2014-09-06 09:01 - 00000000 ____D () C:\Users\Cronix\Documents\My Cheat Tables
2014-08-27 21:41 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 21:41 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 21:41 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 18:38 - 2014-08-22 18:38 - 00001123 _____ () C:\Users\Cronix\Desktop\Amazon Music.lnk
2014-08-20 21:56 - 2014-08-20 21:56 - 00004728 _____ () C:\Users\Cronix\Desktop\Flitze Feuerzahn.m3u
2014-08-18 20:53 - 2014-08-18 20:53 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-18 20:53 - 2014-08-18 20:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-18 20:53 - 2014-08-18 20:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-18 20:53 - 2014-08-18 20:53 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-18 20:53 - 2014-08-18 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-14 21:35 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 21:35 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 21:35 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 21:35 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 21:35 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 21:35 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 21:35 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 21:35 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 21:32 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 21:32 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 21:32 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 21:32 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 21:32 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 21:32 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 21:32 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 21:32 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 21:32 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 21:32 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 21:32 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 21:32 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 21:27 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 21:27 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 21:27 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 21:27 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 21:27 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 21:27 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 21:27 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 21:27 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 21:27 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 21:27 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 21:26 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 21:26 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 21:24 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 21:24 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-13 17:23 - 2014-09-11 17:11 - 00000000 ____D () C:\FRST
2014-09-13 17:23 - 2014-09-11 16:59 - 00000000 ____D () C:\Users\Cronix\Desktop\Tools
2014-09-13 17:23 - 2012-12-15 16:12 - 00000000 ____D () C:\Users\Cronix\AppData\Local\Apps\2.0
2014-09-13 17:18 - 2009-07-14 06:45 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-13 17:18 - 2009-07-14 06:45 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-13 17:15 - 2014-09-13 17:15 - 00000764 _____ () C:\Users\Cronix\Desktop\JRT.txt
2014-09-13 17:12 - 2014-09-13 16:40 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-13 17:11 - 2012-11-08 23:40 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-13 17:11 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-13 17:11 - 2009-07-14 06:51 - 00026431 _____ () C:\Windows\setupact.log
2014-09-13 17:10 - 2012-11-08 23:31 - 02045531 _____ () C:\Windows\WindowsUpdate.log
2014-09-13 17:08 - 2014-09-13 17:08 - 00000000 ____D () C:\Windows\ERUNT
2014-09-13 17:00 - 2012-11-08 23:43 - 00439592 _____ () C:\Windows\PFRO.log
2014-09-13 16:59 - 2014-09-13 16:56 - 00000000 ____D () C:\AdwCleaner
2014-09-13 16:59 - 2012-12-19 18:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-13 16:56 - 2014-09-13 16:56 - 01373475 _____ () C:\Users\Cronix\Downloads\adwcleaner_3.310.exe
2014-09-13 16:40 - 2014-09-13 16:40 - 00000731 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-13 16:40 - 2014-09-13 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-13 16:40 - 2014-09-13 16:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-13 16:29 - 2014-03-05 18:10 - 00000000 ____D () C:\Users\Cronix\AppData\Local\Battle.net
2014-09-13 16:11 - 2013-04-02 20:15 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1561155398-30386077-217878308-1001UA.job
2014-09-13 14:17 - 2012-12-06 17:02 - 00004144 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-12 21:22 - 2014-09-12 21:22 - 00000000 ____D () C:\Users\Cronix\AppData\Roaming\dvdcss
2014-09-12 17:48 - 2014-09-12 17:48 - 00018061 _____ () C:\Users\Cronix\Desktop\ComboFix.txt
2014-09-12 17:48 - 2014-09-12 17:37 - 00000000 ____D () C:\Qoobox
2014-09-12 17:48 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-12 17:47 - 2014-09-12 17:37 - 00000000 ____D () C:\Windows\erdnt
2014-09-12 17:46 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-12 17:35 - 2014-09-12 17:33 - 05577449 ____R (Swearware) C:\Users\Cronix\Desktop\ComboFix.exe
2014-09-12 08:20 - 2012-11-09 17:17 - 00000000 ____D () C:\Users\Cronix\AppData\Roaming\vlc
2014-09-11 17:31 - 2014-09-11 17:30 - 01110476 _____ () C:\Users\Cronix\Downloads\7z920.exe
2014-09-11 17:11 - 2013-04-02 20:15 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1561155398-30386077-217878308-1001Core.job
2014-09-11 03:44 - 2014-09-10 23:11 - 00000000 ____D () C:\Windows\rescache
2014-09-10 21:38 - 2013-04-02 18:07 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 21:38 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-09-10 21:38 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-09-10 21:38 - 2009-07-14 07:13 - 01593956 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 21:37 - 2013-08-16 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 21:35 - 2012-11-09 01:22 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 21:34 - 2014-05-07 17:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-09 20:25 - 2014-09-09 20:25 - 00000000 ____D () C:\Users\Cronix\Downloads\06.09.2014 Muna Party 1
2014-09-09 20:06 - 2014-09-09 20:06 - 00000000 ____D () C:\Users\Cronix\Downloads\06.09.2014 Muna Party 2
2014-09-09 19:53 - 2012-11-08 23:53 - 00000720 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-09 19:53 - 2012-11-08 23:36 - 00001409 _____ () C:\Users\Cronix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-09 19:52 - 2014-09-09 19:52 - 00003148 _____ () C:\Windows\System32\Tasks\{38F96F6E-C465-43B4-9558-C378A02AFAFE}
2014-09-06 09:03 - 2012-12-14 18:34 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-06 09:01 - 2014-09-06 09:01 - 00000000 ____D () C:\Users\Cronix\Documents\My Cheat Tables
2014-09-06 09:00 - 2012-11-15 22:29 - 00000000 ____D () C:\Windows\pss
2014-09-05 04:10 - 2014-09-09 20:17 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-09 20:17 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-28 03:16 - 2009-07-14 06:45 - 00294680 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 04:07 - 2014-08-27 21:41 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-27 21:41 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-27 21:41 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 18:38 - 2014-08-22 18:38 - 00001123 _____ () C:\Users\Cronix\Desktop\Amazon Music.lnk
2014-08-20 21:56 - 2014-08-20 21:56 - 00004728 _____ () C:\Users\Cronix\Desktop\Flitze Feuerzahn.m3u
2014-08-19 20:05 - 2014-09-11 03:00 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-11 03:00 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 01:01 - 2014-09-11 03:00 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-11 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-11 03:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-11 03:00 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-11 03:00 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-11 03:00 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-11 03:00 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-11 03:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-11 03:00 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-11 03:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-11 03:00 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:08 - 2014-09-11 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-11 03:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:05 - 2014-09-11 03:00 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-11 03:00 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-11 03:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-11 03:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-11 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-11 03:00 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-11 03:00 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-11 03:00 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-11 03:00 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-11 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-11 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-11 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-11 03:00 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-11 03:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-11 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-11 03:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-11 03:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-11 03:00 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-11 03:00 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-11 03:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-11 03:00 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-11 03:00 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-11 03:00 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-11 03:00 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-11 03:00 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:23 - 2014-09-11 03:00 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 23:22 - 2014-09-11 03:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-11 03:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-11 03:00 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-11 03:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-11 03:00 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-11 03:00 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-11 03:00 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-11 03:00 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-11 03:00 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-11 03:00 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-11 03:00 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-11 03:00 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-11 03:00 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 22:38 - 2014-09-11 03:00 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-09-11 03:00 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-18 20:53 - 2014-08-18 20:53 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-18 20:53 - 2014-08-18 20:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-18 20:53 - 2014-08-18 20:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-18 20:53 - 2014-08-18 20:53 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-18 20:53 - 2014-08-18 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-18 20:48 - 2014-04-15 23:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-16 17:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

Some content of TEMP:
====================
C:\Users\Cronix\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-07 21:23

==================== End Of Log ============================
         
--- --- ---



Sorry, but something went wrong with the previous post.

Alt 14.09.2014, 12:17   #13
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log, please. Still having problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 15.09.2014, 17:51   #14
V0rt3X
 



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1e42e66e2170ee43978146ab345b5e5d
# engine=20163
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-15 04:36:46
# local_time=2014-09-15 06:36:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 810649 175223096 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 35310 162428856 0 0
# scanned=265022
# found=19
# cleaned=0
# scan_time=6348
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Cronix\Lokale Einstellungen\Temp\AskSLib.dll"
sh=3DF621DDBF63ABE9E8632D73EA87FDED137D71FB ft=1 fh=1c88a728f9455b03 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Cronix\Downloads\FreeYouTubeToMP3Converter.exe"
sh=C5069BF606CF37CB610D41E07AFD58D92674691C ft=0 fh=0000000000000000 vn="JS/Exploit.Agent.NFT Trojaner" ac=I fn="D:\REAVOR\Backup Set 2013-12-31 174432\Backup Files 2014-04-01 173701\Backup files 1.zip"
sh=FFBB313AD439FC5E0726789F467786B47AC23156 ft=0 fh=0000000000000000 vn="Variante von Win32/InstallCore.LX evtl. unerwünschte Anwendung" ac=I fn="D:\REAVOR\Backup Set 2014-05-01 202745\Backup Files 2014-05-01 202745\Backup files 18.zip"
sh=A07E1102125655301B3ECA92875FBCE51DAF1437 ft=0 fh=0000000000000000 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="D:\REAVOR\Backup Set 2014-05-01 202745\Backup Files 2014-06-03 195639\Backup files 3.zip"
sh=E7A06E522C3573A8F338867A5131AB00F9A3CBE7 ft=1 fh=2f53c3038a6aa609 vn="Win32/Jeefo.A Virus" ac=I fn="I:\Diablo III\InspectorReporter\BlizzardError.exe"
sh=7BB8B8AB194EE7EB2BDB90AD88D1567182C25EF6 ft=1 fh=eeee0d5bc9dfd9a8 vn="Win32/Jeefo.A Virus" ac=I fn="I:\Filme\Kino Filme\John Rambo\rambo\ratDVDSetup-0.78.1444.exe"
sh=3037904ADA5729AECEED6E9E9FAC513CFD290E26 ft=1 fh=8a1f276ec6e73ddb vn="Win32/Jeefo.A Virus" ac=I fn="I:\Filme\neue FILME\Zuma\PopUninstall.exe"
sh=A801EEBB16D5B12019C99B3B5C9DCC85048975C8 ft=1 fh=866b4ee4eef662fd vn="Win32/Jeefo.A Virus" ac=I fn="I:\Filme\neue FILME\Zuma\Zuma.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Virut.NBP Virus" ac=I fn="I:\Games\Fallout 3\fallout3d\fallout3d.iso"
sh=985DCB9698755D053D61EF5C9BE2A86B7C4708EE ft=1 fh=964d6d92250c1821 vn="Win32/Jeefo.A Virus" ac=I fn="I:\Games\Far Cry 2\bin\FarCry2 - Kopie.exe"
sh=DCF11EB5E205F057AEFF720DCE7BCBF472EF014A ft=1 fh=205b7dfe6101c295 vn="Win32/Jeefo.A Virus" ac=I fn="I:\Games\Far Cry 2\bin\FC2BenchmarkTool.exe"
sh=6BDAD9D714FC1406EA0C7ACEBC3CBDCACCA675A6 ft=1 fh=ac6a6e66780f18e3 vn="Win32/Jeefo.A Virus" ac=I fn="I:\Games\Far Cry 2\bin\FC2Editor.exe"
sh=B938B4A1773BCF6145BD02219D3B1309454B4E2F ft=1 fh=991915a66d1fc953 vn="Win32/Jeefo.A Virus" ac=I fn="I:\Games\Far Cry 2\bin\FC2Launcher.exe"
sh=1D198FB3457CD3E7E1D259961E305545B4B7F9AF ft=1 fh=3ca0780f07a06867 vn="Win32/Jeefo.A Virus" ac=I fn="I:\Games\Far Cry 2\bin\FC2ServerLauncher.exe"
sh=7211E5654BA87710B5744B8FE593932D5564A960 ft=1 fh=e4de1b11aad2453a vn="Win32/Jeefo.A Virus" ac=I fn="I:\Games\Max Payne 2\Kopie von MaxPayne2.exe"
sh=98DCB9108883E70E9B99761526BB7E81A757B9F7 ft=1 fh=6d259607c7a16f18 vn="Win32/Jeefo.A Virus" ac=I fn="I:\Games\Max Payne 2\MaxPayne2.exe"
sh=35F158B3E70D0F49410227EDF21CD12F0C471095 ft=1 fh=167f85e4bc6dd6cd vn="Win32/Jeefo.A Virus" ac=I fn="I:\Games\Quake\q3pointrelease_132.exe"
sh=E6F8EE544154C55CEBD4C7CEC1D28F07907C8F50 ft=1 fh=167f85e497588c5d vn="Win32/Jeefo.A Virus" ac=I fn="I:\Games\setups\tRoX's CS Script Pack v2.0.exe"
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Adobe Flash Player 15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox 16.0.2 Firefox out of Date!  
 Mozilla Thunderbird (17.0.) 
 Google Chrome 37.0.2062.103  
 Google Chrome 37.0.2062.120  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Avast AvastSvc.exe   
 Avast avastui.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Cronix (administrator) on REAVOR on 15-09-2014 18:50:16
Running from C:\Users\Cronix\Desktop\Tools
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) D:\Programme\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Malwarebytes Corporation) D:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) D:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Malwarebytes Corporation) D:\Programme\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Elaborate Bytes AG) D:\Programme\VirtualCloneDrive\VCDDaemon.exe
(AVAST Software) D:\Programme\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NVRaidService] => C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [291944 2010-04-09] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [6900024 2012-07-24] (Logitech Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => D:\Programme\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AvastUI.exe] => D:\Programme\Avast\AvastUI.exe [4085896 2014-08-02] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Programme\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4AF9E940FBBDCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Programme\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Programme\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.72.40

FireFox:
========
FF ProfilePath: C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> D:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Cronix\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Cronix\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: {{EXT_NAME}} - C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\Extensions\jid1-sNL73VCI4UB0Fw@jetpack [2014-09-10]
FF Extension: No Name - C:\Users\Cronix\AppData\Roaming\Mozilla\Firefox\Profiles\q085v107.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-04-02]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-11-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Programme\Avast\WebRep\FF
FF Extension: avast! Online Security - D:\Programme\Avast\WebRep\FF [2012-12-06]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "https://www.google.de/webhp?sourceid=chrome-instant&rlz=1C1GTPM_deDE530DE530&ion=1&espv=2&ie=UTF-8"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Cronix\AppData\Local\Google\Chrome\Application\37.0.2062.120\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Winamp Application Detector) - D:\Programme\Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CHR Plugin: (Google Update) - C:\Users\Cronix\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (VLC Web Plugin) - D:\Programme\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Profile: C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-02]
CHR Extension: (Google Drive) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-02]
CHR Extension: (Google-Suche) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-02]
CHR Extension: (Logitech SetPoint) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-04-02]
CHR Extension: (Cut the Rope) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2013-04-02]
CHR Extension: (Fruity Annie) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbacnfobpliffdmiickfhceamljbcnjf [2013-04-02]
CHR Extension: (lipakennkogpodadpikgipnogamhklmk) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipakennkogpodadpikgipnogamhklmk [2014-09-10]
CHR Extension: (Google Wallet) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Google Mail) - C:\Users\Cronix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-02]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-11-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Programme\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; D:\Programme\Avast\AvastSvc.exe [50344 2014-07-08] (AVAST Software)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
R2 MBAMScheduler; D:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; D:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-08] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-04-02] (GFI Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [61088 2012-03-15] (SEIKO EPSON CORPORATION)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 16:27 - 2014-09-15 16:29 - 02347384 _____ (ESET) C:\Users\Cronix\Desktop\esetsmartinstaller_deu.exe
2014-09-15 16:27 - 2014-09-15 16:28 - 00854417 _____ () C:\Users\Cronix\Desktop\SecurityCheck.exe
2014-09-13 17:08 - 2014-09-13 17:08 - 00000000 ____D () C:\Windows\ERUNT
2014-09-13 16:56 - 2014-09-13 16:59 - 00000000 ____D () C:\AdwCleaner
2014-09-13 16:56 - 2014-09-13 16:56 - 01373475 _____ () C:\Users\Cronix\Downloads\adwcleaner_3.310.exe
2014-09-13 16:40 - 2014-09-15 18:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-13 16:40 - 2014-09-13 16:40 - 00000731 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-13 16:40 - 2014-09-13 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-13 16:40 - 2014-09-13 16:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-13 16:40 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-13 16:40 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-13 16:40 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-12 21:22 - 2014-09-14 09:29 - 00000000 ____D () C:\Users\Cronix\AppData\Roaming\dvdcss
2014-09-12 17:48 - 2014-09-12 17:48 - 00018061 _____ () C:\Users\Cronix\Desktop\ComboFix.txt
2014-09-12 17:39 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-12 17:39 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-12 17:39 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-12 17:39 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-12 17:39 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-12 17:39 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-12 17:39 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-12 17:39 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-12 17:37 - 2014-09-12 17:48 - 00000000 ____D () C:\Qoobox
2014-09-12 17:37 - 2014-09-12 17:47 - 00000000 ____D () C:\Windows\erdnt
2014-09-12 17:33 - 2014-09-12 17:35 - 05577449 ____R (Swearware) C:\Users\Cronix\Desktop\ComboFix.exe
2014-09-11 17:30 - 2014-09-11 17:31 - 01110476 _____ () C:\Users\Cronix\Downloads\7z920.exe
2014-09-11 17:11 - 2014-09-15 18:50 - 00000000 ____D () C:\FRST
2014-09-11 16:59 - 2014-09-15 18:50 - 00000000 ____D () C:\Users\Cronix\Desktop\Tools
2014-09-11 03:00 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 03:00 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 03:00 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 03:00 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 03:00 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 03:00 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 03:00 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 03:00 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 03:00 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 03:00 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 03:00 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 03:00 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 03:00 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 03:00 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 03:00 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 03:00 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 03:00 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 03:00 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 03:00 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 03:00 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 03:00 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 03:00 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 03:00 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 03:00 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 03:00 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 03:00 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 03:00 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 03:00 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 03:00 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 03:00 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 03:00 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 03:00 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 03:00 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 03:00 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 03:00 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 03:00 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 03:00 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 03:00 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 03:00 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 03:00 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 03:00 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 03:00 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 03:00 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 03:00 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 03:00 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 03:00 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 03:00 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 03:00 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 03:00 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 03:00 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 03:00 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 03:00 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 03:00 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 03:00 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 03:00 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 03:00 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 23:11 - 2014-09-11 03:44 - 00000000 ____D () C:\Windows\rescache
2014-09-10 21:34 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 21:34 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-09 20:28 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-09 20:28 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-09 20:25 - 2014-09-09 20:25 - 00000000 ____D () C:\Users\Cronix\Downloads\06.09.2014 Muna Party 1
2014-09-09 20:23 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-09 20:23 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-09 20:17 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-09 20:17 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-09 20:17 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-09 20:17 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-09 20:17 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-09 20:17 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-09 20:17 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-09 20:06 - 2014-09-09 20:06 - 00000000 ____D () C:\Users\Cronix\Downloads\06.09.2014 Muna Party 2
2014-09-09 19:52 - 2014-09-09 19:52 - 00003148 _____ () C:\Windows\System32\Tasks\{38F96F6E-C465-43B4-9558-C378A02AFAFE}
2014-09-06 09:01 - 2014-09-06 09:01 - 00000000 ____D () C:\Users\Cronix\Documents\My Cheat Tables
2014-08-27 21:41 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 21:41 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 21:41 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 18:38 - 2014-08-22 18:38 - 00001123 _____ () C:\Users\Cronix\Desktop\Amazon Music.lnk
2014-08-20 21:56 - 2014-08-20 21:56 - 00004728 _____ () C:\Users\Cronix\Desktop\Flitze Feuerzahn.m3u
2014-08-18 20:53 - 2014-08-18 20:53 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-18 20:53 - 2014-08-18 20:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-18 20:53 - 2014-08-18 20:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-18 20:53 - 2014-08-18 20:53 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-18 20:53 - 2014-08-18 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 18:50 - 2014-09-11 17:11 - 00000000 ____D () C:\FRST
2014-09-15 18:50 - 2014-09-11 16:59 - 00000000 ____D () C:\Users\Cronix\Desktop\Tools
2014-09-15 18:47 - 2014-09-13 16:40 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 18:46 - 2012-11-08 23:43 - 00440426 _____ () C:\Windows\PFRO.log
2014-09-15 18:46 - 2012-11-08 23:40 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-15 18:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 18:46 - 2009-07-14 06:51 - 00026711 _____ () C:\Windows\setupact.log
2014-09-15 18:45 - 2012-11-08 23:31 - 01061188 _____ () C:\Windows\WindowsUpdate.log
2014-09-15 18:11 - 2013-04-02 20:15 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1561155398-30386077-217878308-1001UA.job
2014-09-15 17:59 - 2012-12-19 18:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-15 17:11 - 2013-04-02 20:15 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1561155398-30386077-217878308-1001Core.job
2014-09-15 16:29 - 2014-09-15 16:27 - 02347384 _____ (ESET) C:\Users\Cronix\Desktop\esetsmartinstaller_deu.exe
2014-09-15 16:28 - 2014-09-15 16:27 - 00854417 _____ () C:\Users\Cronix\Desktop\SecurityCheck.exe
2014-09-15 16:26 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-09-15 16:26 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-09-15 16:26 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-15 16:21 - 2009-07-14 06:45 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 16:21 - 2009-07-14 06:45 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 08:48 - 2012-11-09 17:17 - 00000000 ____D () C:\Users\Cronix\AppData\Roaming\vlc
2014-09-14 10:00 - 2012-12-19 18:43 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-14 10:00 - 2012-11-09 00:00 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-14 10:00 - 2012-11-09 00:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-14 09:29 - 2014-09-12 21:22 - 00000000 ____D () C:\Users\Cronix\AppData\Roaming\dvdcss
2014-09-14 09:29 - 2012-12-06 17:02 - 00004144 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-13 17:23 - 2012-12-15 16:12 - 00000000 ____D () C:\Users\Cronix\AppData\Local\Apps\2.0
2014-09-13 17:08 - 2014-09-13 17:08 - 00000000 ____D () C:\Windows\ERUNT
2014-09-13 16:59 - 2014-09-13 16:56 - 00000000 ____D () C:\AdwCleaner
2014-09-13 16:56 - 2014-09-13 16:56 - 01373475 _____ () C:\Users\Cronix\Downloads\adwcleaner_3.310.exe
2014-09-13 16:40 - 2014-09-13 16:40 - 00000731 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-13 16:40 - 2014-09-13 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-13 16:40 - 2014-09-13 16:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-13 16:29 - 2014-03-05 18:10 - 00000000 ____D () C:\Users\Cronix\AppData\Local\Battle.net
2014-09-12 17:48 - 2014-09-12 17:48 - 00018061 _____ () C:\Users\Cronix\Desktop\ComboFix.txt
2014-09-12 17:48 - 2014-09-12 17:37 - 00000000 ____D () C:\Qoobox
2014-09-12 17:48 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-12 17:47 - 2014-09-12 17:37 - 00000000 ____D () C:\Windows\erdnt
2014-09-12 17:46 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-12 17:35 - 2014-09-12 17:33 - 05577449 ____R (Swearware) C:\Users\Cronix\Desktop\ComboFix.exe
2014-09-11 17:31 - 2014-09-11 17:30 - 01110476 _____ () C:\Users\Cronix\Downloads\7z920.exe
2014-09-11 03:44 - 2014-09-10 23:11 - 00000000 ____D () C:\Windows\rescache
2014-09-10 21:38 - 2013-04-02 18:07 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 21:37 - 2013-08-16 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 21:35 - 2012-11-09 01:22 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 21:34 - 2014-05-07 17:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-09 20:25 - 2014-09-09 20:25 - 00000000 ____D () C:\Users\Cronix\Downloads\06.09.2014 Muna Party 1
2014-09-09 20:06 - 2014-09-09 20:06 - 00000000 ____D () C:\Users\Cronix\Downloads\06.09.2014 Muna Party 2
2014-09-09 19:53 - 2012-11-08 23:53 - 00000720 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-09 19:53 - 2012-11-08 23:36 - 00001409 _____ () C:\Users\Cronix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-09 19:52 - 2014-09-09 19:52 - 00003148 _____ () C:\Windows\System32\Tasks\{38F96F6E-C465-43B4-9558-C378A02AFAFE}
2014-09-06 09:03 - 2012-12-14 18:34 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-06 09:01 - 2014-09-06 09:01 - 00000000 ____D () C:\Users\Cronix\Documents\My Cheat Tables
2014-09-06 09:00 - 2012-11-15 22:29 - 00000000 ____D () C:\Windows\pss
2014-09-05 04:10 - 2014-09-09 20:17 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-09 20:17 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-28 03:16 - 2009-07-14 06:45 - 00294680 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 04:07 - 2014-08-27 21:41 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-27 21:41 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-27 21:41 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 18:38 - 2014-08-22 18:38 - 00001123 _____ () C:\Users\Cronix\Desktop\Amazon Music.lnk
2014-08-20 21:56 - 2014-08-20 21:56 - 00004728 _____ () C:\Users\Cronix\Desktop\Flitze Feuerzahn.m3u
2014-08-19 20:05 - 2014-09-11 03:00 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-11 03:00 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 01:01 - 2014-09-11 03:00 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-11 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-11 03:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-11 03:00 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-11 03:00 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-11 03:00 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-11 03:00 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-11 03:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-11 03:00 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-11 03:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-11 03:00 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:08 - 2014-09-11 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-11 03:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:05 - 2014-09-11 03:00 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-11 03:00 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-11 03:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-11 03:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-11 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-11 03:00 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-11 03:00 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-11 03:00 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-11 03:00 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-11 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-11 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-11 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-11 03:00 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-11 03:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-11 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-11 03:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-11 03:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-11 03:00 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-11 03:00 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-11 03:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-11 03:00 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-11 03:00 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-11 03:00 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-11 03:00 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-11 03:00 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:23 - 2014-09-11 03:00 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 23:22 - 2014-09-11 03:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-11 03:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-11 03:00 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-11 03:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-11 03:00 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-11 03:00 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-11 03:00 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-11 03:00 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-11 03:00 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-11 03:00 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-11 03:00 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-11 03:00 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-11 03:00 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 22:38 - 2014-09-11 03:00 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-09-11 03:00 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-18 20:53 - 2014-08-18 20:53 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-18 20:53 - 2014-08-18 20:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-18 20:53 - 2014-08-18 20:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-18 20:53 - 2014-08-18 20:53 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-18 20:53 - 2014-08-18 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-18 20:48 - 2014-04-15 23:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-16 17:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

Some content of TEMP:
====================
C:\Users\Cronix\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-07 21:23

==================== End Of Log ============================
         
--- --- ---


16.09.2014, 11:11   #15
schrauber
/// the machine
/// TB Trainer
 




Delete the games and backups.


Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (Alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the checkbox in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs that were used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on its use here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java, Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdblockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links:
Miekemoes Blogspot (MVP)
Bill Castner (MVP)



Don'ts
  • Do not click on everything just because it asks you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails from senders you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
All that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009
