
Log analysis and evaluation: After Firefox starts, it constantly tries to download a RAR file.

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

21.10.2014, 22:38   #1
fireskyer
 



Hello everyone,

Problem:

Every time Firefox starts, it keeps trying to download a RAR file called 045.rar, which is hosted on uploaded.net.

This file (0.45.rar), 291.76 MB: hxxp://uploaded.net/file/ttg7gxar

Suspected cause: Unfortunately I have not found anything. I also have no suspicious add-ons... I think!!


Since my log files are unfortunately too large to attach normally or to post, I have attached them in RAR format.

I have read that when the logs are too large, you should split them up:

Addition.txt:

Part 1:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-10-2014
Ran by skyerjoe at 2014-10-21 22:29:40
Running from C:\Users\skyerjoe\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
7-Zip 4.65 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0465-000001000000}) (Version: 4.65.00.0 - Igor Pavlov)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (x32 Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader 9.5.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
Advanced IP Scanner v1.5 (HKLM-x32\...\Advanced IP Scanner v1.5) (Version:  - )
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agent Ransack 2010 (64-bit) (HKLM\...\Agent Ransack (64-bit)_is1) (Version:  - )
Alax.Info DHCP Server 1.0.6 (HKLM-x32\...\{F778CD06-CB21-4D58-92B7-3A21B6D8F009}) (Version: 1.0.6 - Alax.Info)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Alt.Binz 0.25.0 (HKLM-x32\...\Alt.Binz) (Version: 0.25.0 - Rdl)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.85 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.278 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{5BC83141-83DD-07BE-C940-04B385540F04}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
Binbot version 2.0 (HKLM-x32\...\binbot2.0_is1) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J4510DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0113.2257.41150 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0920.2143.37117 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help English (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help French (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help German (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCcamInfoPHP v0.8.6 (DT5) (HKLM-x32\...\{F5E2B845-0C4A-452D-A24D-8E9C1B1858F0}) (Version: 1.0.0 - .)
ccc-core-static (x32 Version: 2010.0920.2143.37117 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0920.2143.37117 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform)
Click to Disc MergeModules x64 (Version: 1.0.14230 - Sony Corporation) Hidden
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.538 - Corel Inc.)
CPUID CPU-Z 1.55 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crystal Reports XI Release 2 (HKLM-x32\...\{94FB0978-D094-40C7-91D7-834D39220D4A}) (Version: 11.5.0.31327 - Business Objects)
DAEMON Tools Toolbar (HKLM-x32\...\DAEMON Tools Toolbar) (Version: 1.1.3.0244 - DT Soft Ltd) <==== ATTENTION
Defraggler (HKLM\...\Defraggler) (Version: 2.09 - Piriform)
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
EasyBCD 1.7.2 (HKLM-x32\...\EasyBCD) (Version: 1.7.2 - NeoSmart Technologies)
EasyBoot V5.12 (HKLM-x32\...\EasyBoot_is1) (Version:  - )
Einstellungen für VAIO-Inhaltsüberwachung (HKLM-x32\...\{06C05B90-2127-4933-8ABA-61833BDE13FA}) (Version: 2.6.0.11050 - Sony Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.0.545 - Evernote Corp.)
Ext2 IFS 1.11a for Windows Vista/2008 (HKLM\...\Ext2Ifs_for_NT6) (Version:  - )
Ext2Fsd 0.51 (HKLM\...\Ext2Fsd_is1) (Version: 0.51 - Matt Wu)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
FOCA Free (HKLM-x32\...\{54A9B87F-7966-41B7-96C7-01D7EF462813}) (Version: 2.6.1 - Informatica64)
Foldit (HKLM-x32\...\Foldit) (Version:  - )
FRITZ!Box USB-Fernanschluss (HKCU\...\2db37667170956ee) (Version: 2.3.2.0 - AVM Berlin)
Funmoods Web Search (HKCU\...\Funmoods Web Search) (Version:  - ) <==== ATTENTION
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
H.M.S Fsim 4.01 (HKLM-x32\...\Fsim 4.01_is1) (Version: 4.01 - H.M.S Software)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HP Photosmart Prem C410 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{C1164ED0-EF08-4B0B-8084-3BDAEAAEFD8D}) (Version: 14.0 - HP)
ICQ7.2 (HKLM-x32\...\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}) (Version: 7.2 - ICQ)
ImageMagick 6.7.6-5 Q16 (2012-05-01) (HKLM-x32\...\ImageMagick 6.7.6 Q16_is1) (Version: 6.7.6 - ImageMagick Studio LLC)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
inSSIDer 2.0 (HKLM\...\{57019733-78E6-43DE-8E6D-55349F0FDE6F}) (Version: 2.0.7 - MetaGeek)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
IsoBuster 3.3 (HKLM-x32\...\IsoBuster_is1) (Version: 3.3 - Smart Projects)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416031FF}) (Version: 6.0.310 - Oracle)
JDiskReport 1.4.0 (HKLM-x32\...\JDiskReport 1.4.0) (Version: 1.4.0 (2012-01-20 11:38:43) - JGoodies Karsten Lentzsch)
JDownloader (HKLM-x32\...\JDownloader) (Version: 0.89 - AppWork UG (haftungsbeschränkt))
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KeePass Password Safe 2.13 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version:  - Dominik Reichl)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.8.1 - Magical Jelly Bean)
Media Gallery (HKLM-x32\...\{DD88F979-FA58-41AC-980C-A6E1A82B61D9}) (Version: 1.1.1.11200 - Sony Corporation)
Media Gallery (x32 Version: 1.1.1.11200 - Sony Corporation) Hidden
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Device Emulator (64 Bit) Version 3.0 - DEU (HKLM\...\{7ECA1AEA-2B61-3DE6-8276-6A9A2693F111}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Diagnostics and Recovery Toolset 6.0 (HKLM\...\{1B285B8A-161F-4ACE-86D7-89EF0775EDCB}) (Version: 6.00.0000 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM-x32\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Report Viewer 2012-Laufzeit (HKLM-x32\...\{F2C6E9F1-8F35-42A0-A9CA-E6C94D92A86C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{5973B12E-5FC1-4EF6-B63B-49C1C4AF2AAA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-Bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A282A232-780C-45E2-A5E5-9B61D74DCC6E}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - DEU (HKLM-x32\...\{987AE03F-234A-3623-BD28-6B31FD1D3AB3}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft VSS Writer für SQL Server 2012 (HKLM\...\{7647B46D-D4E6-43A5-AC9D-0BAA28C63271}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}) (Version: 11.0.2100.60 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.1 - mIRC Co. Ltd.)
mkv2vob (HKLM-x32\...\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}) (Version: 2.4.9 - 3r1c)
MKVtoolnix 4.4.0 (HKLM-x32\...\MKVtoolnix) (Version: 4.4.0 - Moritz Bunkus)
MobileMe Control Panel (HKLM\...\{56F26668-13DA-497A-883F-61434A10CBAB}) (Version: 3.1.5.0 - Apple Inc.)
MozBackup 1.5 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 32.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-GB)) (Version: 32.0.3 - Mozilla)
Mozilla Firefox 33.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-GB)) (Version: 24.6.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MusicStation (HKLM-x32\...\{AB259D46-F851-41B0-9AFA-AED8998AD68A}) (Version: 2.0.0.1067 - Omnifone)
Nero 8 Micro 8.3.6.0 (HKLM-x32\...\Nero8Lite_is1) (Version: 8.3.6.0 - Updatepack.nl)
Nero 9 Lite (HKLM-x32\...\{3484e694-66bc-40b5-88d9-dc7ead01b92f}) (Version:  - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.31.100 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NetSHGUI (HKLM-x32\...\{34CF2DC1-9138-4671-9C2F-D318FFC80AC0}) (Version: 1.0.0 - Tim Brigham)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Newsbin Pro (HKLM\...\Newsbin6) (Version: 6.00 - DJI Interprises, LLC)
NewsLeecher v4.0 Final (HKLM-x32\...\NewsLeecher_is1) (Version:  - )
nLite 1.4.9.1 (HKLM-x32\...\nLite_is1) (Version: 1.4.9.1 - Dino Nuhagic (nuhi))
NNTPGrab (64bit) (HKLM\...\NNTPGrab (64bit)) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.7 - )
NSClient++ (x64) (HKLM\...\{D9C026DE-16B9-4286-AFB1-3117B88D9769}) (Version: 0.3.8.76 - MySolutions NORDIC)
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenSSL 1.0.1 Light (32-bit) (HKLM-x32\...\OpenSSL Light (32-bit)_is1) (Version:  - OpenSSL Win32 Installer Team)
OpenVPN Tap Adapter 9.0 (HKLM-x32\...\OpenVPN Tap Adapter) (Version:  - )
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Oracle VM VirtualBox 4.3.10 (HKLM\...\{5632714F-6A48-4BF2-89E0-F8B6CE9FE6D1}) (Version: 4.3.10 - Oracle Corporation)
OverPlay VPN (HKCU\...\4f1f873ae9d5c649) (Version: 1.0.0.50 - OverPlay)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Paragon Partition Manager™ 10.0 Professional (HKLM\...\{A35001F0-F1E4-11DD-A38B-005056C00008}) (Version: 90.00.0003 - Paragon Software)
pCon.planner 6.3 (HKLM-x32\...\pCon.planner 6.3) (Version: 6.3.0.101 - EasternGraphics)
pCon.planner 6.3 (x32 Version: 6.3.0.101 - EasternGraphics) Hidden
PE Builder 3.1.10a (HKLM-x32\...\PE Builder_is1) (Version:  - Bart Lagerweij)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.2 - )
PKR (HKLM-x32\...\PKR) (Version:  - PKR Ltd)
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.0.00.10260 - Sony Corporation)
PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}) (Version: 1.2.00.15250 - Sony Corporation)
PMB VAIO Edition Guide (x32 Version: 1.2.00.15250 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 3.2.00.16060 - Sony Corporation)
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.2.00.16060 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Image Optimizer) (HKLM-x32\...\InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}) (Version: 1.2.00.15250 - Sony Corporation)
PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.2.00.15250 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (HKLM-x32\...\InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 2.2.00.15250 - Sony Corporation)
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.2.00.15250 - Sony Corporation) Hidden
Polipo 1.0.4.1 (HKLM-x32\...\Polipo) (Version:  - )
PS_AIO_07_C410_SW_Min (x32 Version: 140.0.273.000 - Hewlett-Packard) Hidden
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.50.0 - PS3 Media Server)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Remote Play mit PlayStation®3 (HKLM-x32\...\{07441A52-E208-478A-92B7-5C337CA8C131}) (Version: 1.0.2.06212 - Sony Corporation)
Remote Play with PlayStation 3 (x32 Version: 1.0.0.15090 - Sony Corporation) Hidden
Remote-Tastatur mit PlayStation 3 (HKLM-x32\...\{65B138AE-F636-4D4C-BA5D-A06E21E47C53}) (Version: 1.0.2.06170 - Sony Corporation)
Roadkil's Raw Copy Version 1.2 (HKLM-x32\...\{FE95BD73-9BCF-4859-BC47-16617911FE3B}_is1) (Version:  - Roadkil.Net)
Rohos Mini Drive 1.8 (HKLM-x32\...\Rohos_Rohos22_is1) (Version:  - Tesline-Service srl)
Roomeon 3D-Planer (HKLM-x32\...\{51BA4778-915C-4B75-92AC-06060B76FE16}) (Version: 1.0.0 - MyDomicile.com GmbH)
Rosetta Stone Ltd Services (HKLM-x32\...\{7BB2EF8A-5376-4BAE-96D0-38BE49501F40}) (Version: 3.2.17 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\com.rosettastone.rosettastonetotale) (Version: 4.1.15.1 - Rosetta Stone, Ltd)
Rosetta Stone TOTALe (x32 Version: 4.1.1 - Rosetta Stone, Ltd) Hidden
Rosetta Stone TOTALe (x32 Version: 4.1.15.1 - Rosetta Stone, Ltd) Hidden
Roxio Central Audio (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Copy (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Core (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Data (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Tools (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Easy Media Creator 10 LJ (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio Easy Media Creator Home (x32 Version: 10.3.183 - Roxio) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.1500.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Scansoft PDF Professional (x32 Version:  - ) Hidden
SecCommerce SecSigner 3.6 (HKLM\...\SecCommerce SecSigner) (Version: 3.6 - SecCommerce Informationssysteme GmbH)
Secunia PSI (2.0.0.4003) (HKLM-x32\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)
Sentinel System Driver (HKLM-x32\...\Rainbow Sentinel Driver) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SetEditHBP (remove only) (HKLM-x32\...\SetEditHBP) (Version:  - )
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.1.0.11200 - Sony Corporation)
Setup_msm_VCMS_x64 (Version: 2.6.0.06040 - Sony Corporation) Hidden
Setup_msm_VOFS_x64 (Version: 2.3.0.09270 - Sony Corporation) Hidden
Setup_VEP_x64_Contain_SSDB (Version: 3.9.0.09270 - Sony Corporation) Hidden
Simple PAK Maker (HKLM-x32\...\{C4D6A4E8-D564-4634-B16D-D40112FB7A51}) (Version: 2.0.0.0 - )
simple-fax.de Version 1 (HKLM-x32\...\{7343767F-D225-4EB2-87B8-173451445F45}_is1) (Version: 1 - simple-fax.de)
SIW version 2010.04.28 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2010.04.28 - Topala Software Solutions)
Snapshot (remove only) (HKLM-x32\...\Snapshot) (Version:  - )
SOHLib Merge Module (x32 Version: 2.2.0.11240 - Sony Corporation) Hidden
Sony Home Network Library (HKLM-x32\...\{A6B90666-2A1F-49E8-A40E-27EAAD11C096}) (Version: 2.2.0.11240 - Sony Corporation)
Sony Home Network Library (x32 Version: 2.0.1.10160 - Sony Corporation) Hidden
SopCast 3.3.2 (HKLM-x32\...\SopCast) (Version: 3.3.2 - www.sopcast.com)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SpotLite (HKCU\...\SpotLite) (Version: 00.01.00.04 - Quartermaster (Bond))
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server-Browser für SQL Server 2012 (HKLM-x32\...\{1A4C9497-7D4B-466D-8D3A-FE0D925386DC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sweet Home 3D version 3.2 (HKLM-x32\...\Sweet Home 3D_is1) (Version:  - eTeks)
System Requirements Lab for Intel (HKLM-x32\...\{ADD72094-D289-4714-A62E-70574478A2BC}) (Version: 4.3.1.0 - Husdawg, LLC)
TeamViewer 6 (HKLM-x32\...\TeamViewer 6) (Version: 6.0.10418 - TeamViewer GmbH)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Tiny DHCP Server (HKLM-x32\...\Tiny DHCP Server) (Version:  - )
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Tor 0.2.2.30-rc (HKLM-x32\...\Tor) (Version:  - )
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TSDoctor (HKLM-x32\...\{1A8BB532-FE89-4AAF-BA8F-AABA6A51CD5F}) (Version: 1.0.83 - Cypheros)
UBCD4Win 3.60 (HKLM-x32\...\UBCD4Win_is1) (Version:  - UBCD4Win Team - Benjamin Burrows)
UltraISO Premium V9.36 (HKLM-x32\...\UltraISO_is1) (Version:  - )
UltraVNC 1.0.9.1 (HKLM-x32\...\Ultravnc2_is1) (Version: 1.0.9.1 - 1.0.9.1)
Unterstützungsdateien für Microsoft SQL Server 2008-Setup  (HKLM\...\{6AF73222-EE90-434C-AE7E-B96F70A68D89}) (Version: 10.1.2731.0 - Microsoft Corporation)
Update for Zip Opener (HKCU\...\Digital Sites) (Version:  - Update for Zip Opener) <==== ATTENTION
Usenet.nl (HKLM-x32\...\Usenet.nl_is1) (Version:  - )
UsenetFaker v1.0.0.0 (HKLM-x32\...\UsenetFaker_is1) (Version:  - )
VAIO Care (HKLM\...\{FDCC09EA-A33E-4639-B1CD-FC1702815FA7}) (Version: 8.4.0.14281 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (HKLM\...\{A1255354-11F3-4D25-95CC-C9B1C2320761}) (Version: 3.9.0.11260 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (x32 Version: 3.6.0.09250 - Sony Corporation) Hidden
VAIO Content Metadata Intelligent Network Service Manager (HKLM\...\{725D5BA4-E9FA-452B-8CF5-D7E5F8055C71}) (Version: 3.9.0.11180 - Sony Corporation)
VAIO Content Metadata Manager Settings (HKLM\...\{8FE3CF66-4484-4D39-B47D-DEBBA173619D}) (Version: 3.9.0.11180 - Sony Corporation)
VAIO Content Metadata XML Interface Library (HKLM\...\{97C58294-36D8-4594-8A49-7AB4AE096504}) (Version: 3.9.0.11180 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.2.0.09150 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.2.0.09150 - Sony Corporation) Hidden
VAIO DVD Menu Data (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 2.1.00.15050 - Sony Corporation)
VAIO Energie Verwaltung (HKLM-x32\...\{803E4FA5-A940-4420-B89D-A8BC2E160247}) (Version: 5.0.0.11300 - Sony Corporation)
VAIO Entertainment Platform (HKLM-x32\...\{0489D044-6386-4BDF-9F98-577D60CF79DD}) (Version: 3.9.0.11160 - Sony Corporation)
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.1.0.12010 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.2.1.09131 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 1.0.0.10290 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 3.9.1 - Sony Corporation) Hidden
VAIO Marketing Tools (HKLM-x32\...\MarketingTools) (Version:  - Sony Corporation)
VAIO Media plus (HKLM-x32\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 2.0.1.10160 - Sony Corporation)
VAIO Media plus Opening Movie (HKLM-x32\...\{9238E8A4-BEBA-43A3-B926-769BDBF194C5}) (Version: 1.2.0.09100 - Sony Corporation)
VAIO Movie Story MergeModules x64 (Version: 1.0.14240 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM-x32\...\InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 2.2.00.15250 - Sony Corporation)
VAIO Movie Story Template Data (x32 Version: 2.0.00.09240 - Sony Corporation) Hidden
VAIO Original Funktion Einstellungen (HKLM-x32\...\{04EAE65A-CDCF-480F-B754-5C3A9364239C}) (Version: 2.3.0.11240 - Sony Corporation)
VAIO Personalization Manager (HKLM\...\{DBB823F3-E8BD-4578-9D16-42AF176FD777}) (Version: 3.0.0.11160 - Sony Corporation)
VAIO Premium Partners (HKLM-x32\...\VAIO Premium Partners) (Version: 1.0 - Sony Europe)
VAIO Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.3.1.7 - Sony Corporation)
VAIO Quick Web Access (x32 Version: 1.3.1.7 - Sony Corporation) Hidden
VAIO screensaver (HKLM-x32\...\VAIO screensaver) (Version: 1.0.0.0 - Sony Europe)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.3.1.08110 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VAIO Wallpaper Contents (HKLM-x32\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 2.0.0.06010 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.1.2.06030 - Sony Corporation)
Vidalia 0.2.12 (HKLM-x32\...\Vidalia) (Version:  - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Vistumbler (HKLM-x32\...\Vistumbler) (Version: v10 - Vistumbler.net)
Visual Studio 2010 Prerequisites - English (HKLM\...\{53952792-BF16-300E-ADF2-E7E4367E00CF}) (Version: 10.0.40219 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
vShare.tv plugin 1.3 (HKLM-x32\...\vShare.tv plugin) (Version: 1.3 - vShare.tv, Inc.) <==== ATTENTION
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
windata basic (HKLM-x32\...\{B20643D6-70C3-447E-8C19-5AADD3904C81}) (Version: 08.00.0000 - windata GmbH & Co.KG)
windata@home (HKLM-x32\...\{A0703E79-9B57-4BE1-BEF1-E43402CBBFF0}) (Version: 08.08.0000 - windata GmbH & Co.KG)
Windows Driver Package - Broadcom Bluetooth  (09/09/2009 6.2.0.9405) (HKLM\...\930E4792BDAEAFB62A9514EE7578775658A5D07C) (Version: 09/09/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
WinSCP 5.1.8 (HKLM-x32\...\winscp3_is1) (Version: 5.1.8 - Martin Prikryl)
XMedia Recode 3.0.6.7 (HKLM-x32\...\XMedia Recode) (Version: 3.0.6.7 - Sebastian Dörfler)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

08-10-2014 18:02:40 Windows Update
15-10-2014 19:17:37 Geplanter Prüfpunkt
16-10-2014 16:49:27 Windows Update
16-10-2014 22:07:39 Windows Update
18-10-2014 11:55:59 Konfiguriert Brother Software Suite
21-10-2014 11:33:39 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-10-21 22:02 - 00000847 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {11AB48CB-E787-4F59-8219-53BDCA876862} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {17C8CFD2-4029-460E-A6CD-53CBB25A00C2} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {1A711198-0BA9-4ED0-8B61-B44DDFEDEACF} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation)
Task: {3404E6B7-BCCB-469A-8E3D-B0563632A16C} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {364C52BB-493C-45BE-BA18-19F3CB63CAE9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {44B093F9-D6AA-4661-B9BA-EA1333300C86} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMJMIMIMMMJMKJLJPMCNLMLJOJJMCNLMGMHMPMCNGMLMPMOMCNKJLJMJOMLJIMOMLJJMHMPMPMJNJICMIMCNNMCNGMFMHMCNPMCNIMJMPMPMFMJMCNOMCNIMJMPMPMCNNMJNPICMLMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMMIEJGIKJNIFJAJKJJNKJCMJNNICMJNDJCMLJKJ"
Task: {52D6BE54-933A-4B27-9EC8-22D5ACFCB7E6} - System32\Tasks\Open URL by Roboform => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMJMIMIMMMJMKJLJPMCNLMLJOJJMCNLMGMHMPMCNGMLMPMOMCNKJLJMJOMLJIMOMLJJMHMPMPMJNJICMIMCNMMCNNMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMPMCNNMJNPICMPMFMFMGMIMJNHICMMJBJKJLIMJJNBJCMMIEJGIKJNIFJAJKJJNKJCMJNNICMJNDJCMLJKJ"
Task: {5672D7A3-E325-433B-A74A-DC130FDF5B88} - System32\Tasks\Quark Updater => C:\Program Files (x86)\Quark\Quark Update\AutoUpdate.exe
Task: {578AFFD4-EB45-476C-A5D8-87C1C02D0D98} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {58E45C7E-0640-404E-B5E2-7B4D045EC33F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-15] (AVAST Software)
Task: {6615E562-AC45-490E-97AD-5D892EA5E872} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {793AAAA3-44D3-48B9-8570-AF9CE4C2CD0B} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
         
Part 2:

Code:
Task: {7CCABE14-77D5-4FCB-8E04-3482A19803BE} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {7F3738BD-8BB9-4891-9EB5-F56D640B36ED} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {88ED3377-4CB1-469A-84DA-258A833262FB} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {8E6413D9-8DB2-4031-916E-3B7D3D2BD242} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-10-25] (Sony Corporation)
Task: {8FC70F01-B45F-421F-A148-71BDCA8F2C12} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {94BF4AB2-F919-4F2E-9995-AF0E5FA034D2} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {98091604-3DE7-4B23-A0A6-E774DC0263BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-06] (Google Inc.)
Task: {A88268DE-C610-46E0-82A6-FD9CED737898} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {A90FEA3A-DB4F-4817-90F6-D1B6C6D39ED9} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {B151739C-0FAA-4B1A-A63C-D717084230B4} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {BC311B7E-F30F-4701-BEAD-19EE5A22FD63} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation)
Task: {C46351A3-4D02-4BFB-9459-D0EAF1D48E05} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-06] (Google Inc.)
Task: {C4A85847-DFD3-42F1-A3C6-C0FA276B3F54} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {C81DAFF3-CED8-4252-8AEF-A3A96E685773} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-02-27] (Sony Corporation)
Task: {DB33CD9B-24D2-42A1-A3B9-6BA9F66C33A0} - System32\Tasks\SONY\Remote Keyboard with PlayStation 3\Remote Keyboard with PlayStation 3 => C:\Program Files\Sony\Remote Keyboard with PlayStation 3\VBTKBUtil.exe [2010-06-17] (Sony Corporation)
Task: {DF3160C5-1645-408B-B0EE-FE4E4E292839} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {E39F1155-3D4E-4E65-B869-2B0B8C80C413} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {ECA53539-0A26-413A-8DF7-9A784D9D4FFC} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {F107CD63-AFBD-4D25-83B2-96D289235F68} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-10-25] (Sony Corporation)
Task: {FA2A8DEF-658C-4962-BB82-280ABB3E4E88} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {FC2B3564-8D8B-452B-B987-499D15E69A55} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Quark Updater.job => C:\Program Files (x86)\Quark\Quark Update\AutoUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-06 17:34 - 2013-02-09 14:17 - 00113152 _____ () C:\Windows\System32\redmon64.dll
2014-06-21 15:26 - 2005-04-22 06:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-06-08 23:51 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2014-01-28 22:45 - 2012-01-20 15:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2009-11-25 01:36 - 2009-11-25 01:36 - 00125440 _____ () C:\Program Files (x86)\Notepad++\NppShell_01.dll
2010-08-24 15:39 - 2010-08-24 15:39 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-01-26 21:04 - 2011-01-26 21:04 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-10-21 20:07 - 2014-10-21 20:07 - 00050477 _____ () C:\Users\skyerjoe\Downloads\Defogger(1).exe
2014-07-15 18:42 - 2014-07-15 18:42 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-21 13:26 - 2014-10-21 13:26 - 02896384 _____ () C:\Program Files\AVAST Software\Avast\defs\14102100\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-02 15:10 - 2009-12-01 22:03 - 00010752 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2010-06-02 15:10 - 2009-12-01 22:03 - 00009728 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2010-01-29 23:55 - 2009-11-21 01:19 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-07-15 18:42 - 2014-07-15 18:42 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-21 15:10 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2012-01-03 10:45 - 2012-01-03 10:45 - 00016832 _____ () C:\Program Files (x86)\Adobe\Reader 9.0\Reader\viewerps.dll
2014-09-24 20:56 - 2014-09-24 20:56 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\skyerjoe\Downloads\email_87_20140717181446.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ACDaemon => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: Partner Service => 3
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\startupfolder: C:^Users^skyerjoe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.3301725356812716.exe.lnk => C:\Windows\pss\0.3301725356812716.exe.lnk.Startup
MSCONFIG\startupfolder: C:^Users^skyerjoe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Hardcopy.LNK => C:\Windows\pss\Hardcopy.LNK.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MarketingTools => C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: Tiny DHCP Server => "C:\Program Files (x86)\Tiny DHCP Server\dhcpsrv.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1609788897-153937731-1751884820-500 - Administrator - Disabled)
Gast (S-1-5-21-1609788897-153937731-1751884820-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1609788897-153937731-1751884820-1002 - Limited - Enabled)
sky (S-1-5-21-1609788897-153937731-1751884820-1003 - Limited - Enabled) => C:\Users\sky
skyerjoe (S-1-5-21-1609788897-153937731-1751884820-1000 - Administrator - Enabled) => C:\Users\skyerjoe

==================== Faulty Device Manager Devices =============

Name: J:\
Description: Cruzer Fit      
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: SanDisk 
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

Name: USB 2.0 Camera
Description: USB-Videogerät
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart Prem C410 series
Description: Photosmart Prem C410 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter V9
Description: TAP-Win32 Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: G:\
Description: R5C822
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Microsoft
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

Name: Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller
Description: Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonw7
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart Prem C410 series
Description: Photosmart Prem C410 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/21/2014 10:03:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/21/2014 10:03:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/21/2014 09:36:06 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (10/21/2014 09:36:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/21/2014 09:29:37 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (10/21/2014 09:29:37 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (10/21/2014 08:30:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357(1).exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357(1).exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x1380
Startzeit der fehlerhaften Anwendung: 0xGmer-19357(1).exe0
Pfad der fehlerhaften Anwendung: Gmer-19357(1).exe1
Pfad des fehlerhaften Moduls: Gmer-19357(1).exe2
Berichtskennung: Gmer-19357(1).exe3

Error: (10/21/2014 08:29:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357(1).exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357(1).exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x15c4
Startzeit der fehlerhaften Anwendung: 0xGmer-19357(1).exe0
Pfad der fehlerhaften Anwendung: Gmer-19357(1).exe1
Pfad des fehlerhaften Moduls: Gmer-19357(1).exe2
Berichtskennung: Gmer-19357(1).exe3

Error: (10/21/2014 05:31:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: crw32.exe, Version: 11.5.0.313, Zeitstempel: 0x4379f2e5
Name des fehlerhaften Moduls: crw32.exe, Version: 11.5.0.313, Zeitstempel: 0x4379f2e5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0050cb55
ID des fehlerhaften Prozesses: 0x1e18
Startzeit der fehlerhaften Anwendung: 0xcrw32.exe0
Pfad der fehlerhaften Anwendung: crw32.exe1
Pfad des fehlerhaften Moduls: crw32.exe2
Berichtskennung: crw32.exe3

Error: (10/21/2014 05:26:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: crw32.exe, Version: 11.5.0.313, Zeitstempel: 0x4379f2e5
Name des fehlerhaften Moduls: crw32.exe, Version: 11.5.0.313, Zeitstempel: 0x4379f2e5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0050cb55
ID des fehlerhaften Prozesses: 0x8d4
Startzeit der fehlerhaften Anwendung: 0xcrw32.exe0
Pfad der fehlerhaften Anwendung: crw32.exe1
Pfad des fehlerhaften Moduls: crw32.exe2
Berichtskennung: crw32.exe3


System errors:
=============
Error: (10/21/2014 08:22:10 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "HP Network Devices Support" wurde nicht richtig gestartet.

Error: (10/21/2014 08:20:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Energy Server Service" wurde mit folgendem Fehler beendet: 
%%268439612

Error: (10/21/2014 08:19:26 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (10/21/2014 08:17:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht.

Error: (10/21/2014 08:17:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Printer Control" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (10/21/2014 08:16:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Sentinel" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (10/21/2014 08:16:50 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\SENTINEL.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (10/21/2014 08:16:49 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{39485f75-6e44-11df-a4b5-806e6f6e6963}" können nicht gelesen werden.

Error: (10/21/2014 08:16:49 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{59159bb5-7d3f-11df-9ec3-54424907d5f0}" können nicht gelesen werden.

Error: (10/21/2014 08:15:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: 
%%-2147467243


Microsoft Office Sessions:
=========================
Error: (10/21/2014 10:03:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

Error: (10/21/2014 10:03:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

Error: (10/21/2014 09:36:06 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\skyerjoe\Downloads\VirtualBox-4.3.10-93012-Win.exeC:\Users\skyerjoe\Downloads\VirtualBox-4.3.10-93012-Win.exe0

Error: (10/21/2014 09:36:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\skyerjoe\Downloads\esetsmartinstaller_enu.exe

Error: (10/21/2014 09:29:37 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\skyerjoe\Downloads\VirtualBox-4.3.10-93012-Win.exeC:\Users\skyerjoe\Downloads\VirtualBox-4.3.10-93012-Win.exe0

Error: (10/21/2014 09:29:37 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\skyerjoe\Downloads\VirtualBox-4.3.10-93012-Win.exeC:\Users\skyerjoe\Downloads\VirtualBox-4.3.10-93012-Win.exe0

Error: (10/21/2014 08:30:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357(1).exe2.1.19357.052e7ea83Gmer-19357(1).exe2.1.19357.052e7ea83c0000005000011aa138001cfed5d0ff69294C:\Users\skyerjoe\Downloads\Gmer-19357(1).exeC:\Users\skyerjoe\Downloads\Gmer-19357(1).exe51ec77d3-5950-11e4-b28a-8db816ae7ea4

Error: (10/21/2014 08:29:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357(1).exe2.1.19357.052e7ea83Gmer-19357(1).exe2.1.19357.052e7ea83c0000005000011aa15c401cfed5cddfa12e1C:\Users\skyerjoe\Downloads\Gmer-19357(1).exeC:\Users\skyerjoe\Downloads\Gmer-19357(1).exe209babbf-5950-11e4-b28a-8db816ae7ea4

Error: (10/21/2014 05:31:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: crw32.exe11.5.0.3134379f2e5crw32.exe11.5.0.3134379f2e5c00000050050cb551e1801cfed43678ad9f3C:\Program Files (x86)\Business Objects\Crystal Reports 11.5\crw32.exeC:\Program Files (x86)\Business Objects\Crystal Reports 11.5\crw32.exe45256ed9-5937-11e4-aab9-fa75b628d9d5

Error: (10/21/2014 05:26:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: crw32.exe11.5.0.3134379f2e5crw32.exe11.5.0.3134379f2e5c00000050050cb558d401cfed42febbc9b4C:\Program Files (x86)\Business Objects\Crystal Reports 11.5\crw32.exeC:\Program Files (x86)\Business Objects\Crystal Reports 11.5\crw32.exe9aae012d-5936-11e4-aab9-fa75b628d9d5


CodeIntegrity Errors:
===================================
  Date: 2011-03-11 21:57:10.758
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-03-11 21:57:10.748
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-03-11 21:57:10.738
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-03-11 21:57:10.718
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-03-11 21:57:10.698
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\gpapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-03-11 21:57:10.668
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\gpapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-02-07 18:25:04.335
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-02-07 18:25:04.313
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-02-07 18:25:04.283
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-02-07 18:25:04.217
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 63%
Total physical RAM: 3950.07 MB
Available physical RAM: 1437.57 MB
Total Pagefile: 7898.31 MB
Available Pagefile: 4339.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:396.01 GB) (Free:27.17 GB) NTFS
Drive e: () (Fixed) (Total:19.53 GB) (Free:2.54 GB) NTFS
Drive h: (Volume) (Fixed) (Total:39.5 GB) (Free:2.02 GB) NTFS
Drive i: (crystal_reports) (CDROM) (Total:0.82 GB) (Free:0 GB) UDF
Drive j: () (Removable) (Total:14.91 GB) (Free:9.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0A0C67E8)
Partition 1: (Not Active) - (Size=10.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=396 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=59 GB) - (Type=OF Extended)

========================================================
Disk: 3 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

FRST:

Part 1:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014
Ran by skyerjoe (administrator) on SKYERJOE-VAIO on 21-10-2014 22:29:04
Running from C:\Users\skyerjoe\Downloads
Loaded Profiles: skyerjoe & MSSQL$SQLEXPRESS (Available profiles: skyerjoe & sky & MSSQL$SQLEXPRESS)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Tesline-Service SRL) C:\Program Files (x86)\Rohos\agent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Sony Corporation) C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
() C:\Users\skyerjoe\Downloads\Defogger(1).exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\skyerjoe\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9636896 2009-12-16] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [208384 2009-11-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [PrintDisp] => C:\Windows\system32\PrintDisp.exe [878080 2009-08-21] (ActMask Co.,Ltd - hxxp://www.all2pdf.com)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-21] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [320880 2009-08-26] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2009-10-24] (Sony Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1655296 2010-09-05] (Dominik Reichl)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-09-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Ext2 Volume Manager] => C:\Program Files\Ext2Fsd\Ext2Mgr.exe [1211536 2011-02-05] (Ext2Fsd Group (www.ext2fsd.com))
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Tiny DHCP Server] => C:\Program Files (x86)\Tiny DHCP Server\dhcpsrv.exe [94208 2011-08-30] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\Run: [Rohos] => C:\Program Files (x86)\Rohos\agent.exe [801080 2011-05-17] (Tesline-Service SRL)
HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\Run: [AVMUSBFernanschluss] => C:\Users\skyerjoe\AppData\Local\Apps\2.0\BTH1ZOGT.8OZ\L89TLL57.57W\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\AVMAutoStart.exe [139264 2014-04-03] (AVM Berlin)
HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784904 2014-10-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\MountPoints2: H - H:\LaunchU3.exe -a
HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\MountPoints2: I - I:\LaunchU3.exe -a
HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\MountPoints2: {3f596299-8920-11e3-a4b9-54424907d5f0} - I:\start.exe
HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\MountPoints2: {4b862c5d-78c9-11df-aadd-54424907d5f0} - H:\pushinst.exe
HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\MountPoints2: {ba47a5a3-bf94-11e1-b4e1-54424907d5f0} - I:\pushinst.exe
AppInit_DLLs: acaptuser64.dll => C:\Windows\system32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
AppInit_DLLs-x32: acaptuser32.dll => "acaptuser32.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\windata Zahlungserinnerung.lnk
ShortcutTarget: windata Zahlungserinnerung.lnk -> C:\windata\Home\windataZahlungserinnerung.exe (windata GmbH & Co.KG)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
SearchScopes: HKLM-x32 - {01027486-F7EC-4174-AABE-67DF604D8901} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=36635f72-2fdb-11e1-a98e-54424907d5f0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {01027486-F7EC-4174-AABE-67DF604D8901} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=36635f72-2fdb-11e1-a98e-54424907d5f0&q={searchTerms}
SearchScopes: HKCU - {01027486-F7EC-4174-AABE-67DF604D8901} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=36635f72-2fdb-11e1-a98e-54424907d5f0&q={searchTerms}
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=7FB701D4-1C89-4EFA-884D-03D6CEB67EE4&apn_sauid=7DF5FFEB-7B8B-40D1-AD17-CA2E5086015A
SearchScopes: HKCU - {2ACC42B3-35D9-443C-A196-98B24C83B63A} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC
SearchScopes: HKCU - {35F08D01-53EE-40D5-9B58-2E54616CA883} URL = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
SearchScopes: HKCU - {529538C8-6480-4BF9-9D9D-847EE0E86B93} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search/web?q={searchTerms}
SearchScopes: HKCU - {D4458402-FDE2-4BEA-B7CC-D06F9B2A768F} URL = hxxp://de.shopping.com/?linkin_id=8056363
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner64.dll (Google Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner.dll (Google Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
DPF: HKLM-x32 {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1111/Navigram.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
Tcpip\..\Interfaces\{5DB63988-98C6-4312-8B36-AA4B2FAA958F}: [NameServer] 192.168.178.1
Tcpip\..\Interfaces\{D61CA8A8-A9C5-4B05-8B5C-1FF6CD0702CA}: [NameServer] 192.168.178.15

FireFox:
========
FF ProfilePath: C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: about:home|hxxp://www.giga.de/
FF Keyword.URL: hxxp://startsear.ch/?aff=1&src=sp&cf=36635f72-2fdb-11e1-a98e-54424907d5f0&q=
FF NetworkProxy: "backup.ftp", "192.168.43.1"
FF NetworkProxy: "backup.ftp_port", 3431
FF NetworkProxy: "backup.socks", "192.168.43.1"
FF NetworkProxy: "backup.socks_port", 3431
FF NetworkProxy: "backup.ssl", "192.168.43.1"
FF NetworkProxy: "backup.ssl_port", 3431
FF NetworkProxy: "ftp", "192.168.43.1"
FF NetworkProxy: "ftp_port", 34731
FF NetworkProxy: "http", "192.168.43.1"
FF NetworkProxy: "http_port", 34731
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "192.168.43.1"
FF NetworkProxy: "socks_port", 34731
FF NetworkProxy: "ssl", "192.168.43.1"
FF NetworkProxy: "ssl_port", 34731
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\searchplugins\gutscheinsuche.xml
FF SearchPlugin: C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\searchplugins\startsear.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: FreeSpeechMe - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\convergence@dot-bit.org [2014-05-16]
FF Extension: FoxyProxy Standard - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\foxyproxy@eric.h.jung [2014-09-05]
FF Extension: SparPilot - Gutscheine &amp; mehr... - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\sparpilot@sparpilot.com [2014-10-02]
FF Extension: Bitdefender QuickScan - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-07-17]
FF Extension: Social Fixer - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\betterfacebook@mattkruse.com.xpi [2011-08-08]
FF Extension: Facebook Chat History Manager - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\fbchathistory@firechm.com.xpi [2011-08-09]
FF Extension: FireNes - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\firenes@facundo.zaldo.xpi [2012-01-03]
FF Extension: Premiumize.me - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\jid1-sirVJT0BXhkuJg@jetpack.xpi [2014-07-15]
FF Extension: Deutsch (DE) Language Pack - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2011-12-28]
FF Extension: Stealthy - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\stealthyextension@gmail.com.xpi [2011-10-30]
FF Extension: Flagfox - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-12]
FF Extension: Encrypted Communication - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{52a7f893-d228-412e-9b28-bc61491462f6}.xpi [2014-02-05]
FF Extension: BugMeNot Plugin - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2011-07-17]
FF Extension: Adblock Plus - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-07-10]
FF Extension: Torbutton - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi [2011-08-18]
FF Extension: User Agent Switcher - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2014-06-20]
FF Extension: WorldIP - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}.xpi [2011-08-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-10]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome: 
=======
CHR Profile: C:\Users\skyerjoe\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (avast! SafePrice) - C:\Users\skyerjoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-09-14]
CHR Extension: (avast! Online Security) - C:\Users\skyerjoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-14]
CHR Extension: (vshare plugin) - C:\Users\skyerjoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj [2014-03-25]
CHR Extension: (Google Wallet) - C:\Users\skyerjoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-14]
CHR HKCU\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Users\skyerjoe\AppData\Local\funmoods.crx []
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-15]
CHR HKLM-x32\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files (x86)\vShare.tv plugin\vshareplg.crx [2011-08-31]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-15] (AVAST Software)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
S2 Printer Control; C:\Windows\system32\PrintCtrl.exe [77824 2009-06-16] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [File not signed]
R2 Rohos Disk; C:\Program Files (x86)\Rohos\agent.exe [801080 2011-05-17] (Tesline-Service SRL)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-31] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-31] (Sonic Solutions)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [74496 2010-09-27] (Sony Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [864000 2010-09-27] (Sony Corporation)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [845312 2010-08-11] (Sony Corporation) [File not signed]
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-15] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-15] ()
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2014-04-03] (AVM Berlin)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 BazisPortableCDBus; C:\Windows\System32\drivers\BazisPortableCDBus.sys [268896 2014-04-03] (SysProgs.org)
R1 Ext2fs; C:\Windows\System32\DRIVERS\ext2fs.sys [270272 2008-09-25] (Stephan Schreiber)
R1 Ext2Fsd; C:\Windows\System32\Drivers\Ext2Fsd.sys [769816 2011-07-09] (www.ext2fsd.com)
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-04-08] ()
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2009-12-03] (Paragon Software Group)
R1 IfsMount; C:\Windows\System32\DRIVERS\ifsmount.sys [80320 2008-08-28] (Stephan Schreiber)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [7778176 2009-12-16] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [244736 2009-12-16] (Intel(R) Corporation) [File not signed]
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-04-09] (Malwarebytes Corporation)
R2 regi; C:\Windows\SysWOW64\drivers\regi.sys [11032 2007-04-17] (InterVideo)
R2 RHDISK_AMD64; C:\Program Files (x86)\Rohos\RHDISK_AMD64.SYS [31408 2009-07-24] (Tesline-Service SRL)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)
S3 Sntnlusb; C:\Windows\SysWOW64\DRIVERS\SNTNLUSB.SYS [26120 2002-12-16] (Rainbow Technologies Inc.)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-06-10] (Duplex Secure Ltd.)
S3 TVICHW64; C:\Windows\system32\DRIVERS\TVICHW64.SYS [21200 2010-08-30] (EnTech Taiwan)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113952 2014-02-25] (Oracle Corporation)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] ()
S2 Sentinel; \SystemRoot\System32\Drivers\SENTINEL.SYS [X]
U3 pgtyrpod; \??\C:\Users\skyerjoe\AppData\Local\Temp\pgtyrpod.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 21:40 - 2014-10-21 22:10 - 00125204 _____ () C:\Users\skyerjoe\Downloads\Shortcut.txt
2014-10-21 20:58 - 2014-10-21 20:58 - 00528517 _____ () C:\Users\skyerjoe\Desktop\gmer.log
2014-10-21 20:32 - 2014-10-21 20:32 - 00060979 _____ () C:\Users\skyerjoe\Downloads\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board.htm
2014-10-21 20:32 - 2014-10-21 20:32 - 00000000 ____D () C:\Users\skyerjoe\Downloads\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board_files
2014-10-21 20:28 - 2014-10-21 20:28 - 00380416 _____ () C:\Users\skyerjoe\Downloads\Gmer-19357(1).exe
2014-10-21 20:23 - 2014-10-21 20:24 - 02110976 _____ (Farbar) C:\Users\skyerjoe\Downloads\FRST64(1).exe
2014-10-21 20:14 - 2014-10-21 20:14 - 00000020 _____ () C:\Users\skyerjoe\defogger_reenable
2014-10-21 20:08 - 2014-10-21 20:08 - 00000292 _____ () C:\Users\skyerjoe\Downloads\defogger_enable.log
2014-10-21 20:07 - 2014-10-21 20:07 - 00050477 _____ () C:\Users\skyerjoe\Downloads\Defogger(1).exe
2014-10-21 14:09 - 2014-10-21 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-10-19 17:52 - 2014-10-19 17:52 - 00005118 _____ () C:\Users\skyerjoe\Downloads\eset-kompl.txt
2014-10-18 16:13 - 2014-10-18 16:13 - 00924173 _____ () C:\Users\skyerjoe\Downloads\BrMain480(1).exe
2014-10-18 14:03 - 2014-10-18 14:03 - 00000725 _____ () C:\Users\skyerjoe\Downloads\eset.txt
2014-10-18 13:59 - 2014-10-18 13:59 - 00000000 ____D () C:\Users\skyerjoe\Downloads\nettool
2014-10-18 13:58 - 2014-10-18 13:58 - 00980304 _____ (A.I.SOFT,INC.) C:\Users\skyerjoe\Downloads\nettool_1270.EXE
2014-10-18 12:41 - 2014-10-18 12:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox4
2014-10-16 19:20 - 2014-09-29 02:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 19:20 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 19:20 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 19:20 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 19:20 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 19:20 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 19:20 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 19:20 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 19:19 - 2014-10-07 04:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 19:19 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 19:19 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 19:19 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 19:19 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 19:19 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 19:19 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 19:19 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 19:19 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 19:19 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 19:19 - 2014-09-19 03:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 19:19 - 2014-09-19 03:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 19:19 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 19:19 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 19:19 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 19:19 - 2014-09-19 03:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 19:19 - 2014-09-19 03:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 19:19 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 19:19 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 19:19 - 2014-09-19 03:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 19:19 - 2014-09-19 03:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 19:19 - 2014-09-19 03:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 19:19 - 2014-09-19 03:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 19:19 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 19:19 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 19:19 - 2014-09-19 03:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 19:19 - 2014-09-19 03:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 19:19 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 19:19 - 2014-09-19 03:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 19:19 - 2014-09-19 03:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 19:19 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 19:19 - 2014-09-19 03:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 19:19 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 19:19 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 19:19 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 19:19 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 19:19 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 19:19 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 19:19 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 19:19 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 19:19 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 19:19 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 19:19 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 19:19 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 19:19 - 2014-09-19 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 19:19 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 19:19 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 19:19 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 19:19 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 19:19 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 19:19 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 19:19 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 19:19 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 19:19 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 19:19 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 19:18 - 2014-09-18 04:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 19:18 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 19:18 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 19:18 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 19:17 - 2014-07-17 04:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 19:17 - 2014-07-17 04:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 19:17 - 2014-07-17 04:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 19:17 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 19:17 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 19:17 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 19:17 - 2014-07-17 04:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 19:17 - 2014-07-17 04:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 19:17 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 19:17 - 2014-07-17 03:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 19:17 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 19:17 - 2014-07-17 03:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 19:17 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 19:17 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 19:17 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 19:17 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 19:16 - 2014-09-13 03:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 19:16 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-12 15:47 - 2014-10-12 15:47 - 00000000 ____D () C:\Users\sky\Desktop\Old Firefox Data
2014-10-12 15:20 - 2014-10-12 15:20 - 00000000 ____D () C:\Users\sky\AppData\Local\Apple
2014-10-12 15:19 - 2014-10-12 15:19 - 00000000 ____D () C:\Users\sky\AppData\Local\Macromedia
2014-10-10 18:26 - 2014-10-21 22:28 - 00007103 _____ () C:\Users\skyerjoe\Desktop\eset.txt
2014-10-10 18:13 - 2014-10-10 18:13 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\skyerjoe\Downloads\SandboxieInstall.exe
2014-10-10 18:02 - 2014-10-10 18:02 - 01915297 _____ () C:\Users\skyerjoe\Downloads\Secure Banking v2.0.1.rar
2014-10-09 18:59 - 2014-10-09 18:59 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-09 17:57 - 2014-10-09 17:57 - 00000000 ____D () C:\Users\skyerjoe\Downloads\Rootkit_Remover_3022
2014-10-09 17:56 - 2014-10-09 17:57 - 15258612 _____ () C:\Users\skyerjoe\Downloads\Rootkit_Remover_3022.zip
2014-10-08 20:05 - 2014-10-08 20:05 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2010
2014-10-08 20:05 - 2014-10-08 20:05 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2010
2014-10-07 21:57 - 2014-10-21 18:46 - 00000000 ____D () C:\Users\skyerjoe\Downloads\cr_example_db
2014-10-07 21:38 - 2014-10-07 21:38 - 00000000 ____D () C:\Users\skyerjoe\AppData\Local\Microsoft_Corporation
2014-10-07 21:34 - 2014-10-07 23:16 - 00000000 ____D () C:\Users\skyerjoe\Documents\SQL Server Management Studio
2014-10-07 21:34 - 2014-10-07 21:34 - 00000020 ___SH () C:\Users\MSSQL$SQLEXPRESS\ntuser.ini
2014-10-07 21:34 - 2014-10-07 21:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Vorlagen
2014-10-07 21:34 - 2014-10-07 21:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Startmenü
2014-10-07 21:34 - 2014-10-07 21:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Netzwerkumgebung
2014-10-07 21:34 - 2014-10-07 21:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Lokale Einstellungen
2014-10-07 21:34 - 2014-10-07 21:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Eigene Dateien
2014-10-07 21:34 - 2014-10-07 21:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Druckumgebung
2014-10-07 21:34 - 2014-10-07 21:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Documents\Eigene Musik
2014-10-07 21:34 - 2014-10-07 21:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Documents\Eigene Bilder
2014-10-07 21:34 - 2014-10-07 21:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-10-07 21:34 - 2014-10-07 21:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\AppData\Local\Verlauf
2014-10-07 21:34 - 2014-10-07 21:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\AppData\Local\Anwendungsdaten
2014-10-07 21:34 - 2014-10-07 21:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Anwendungsdaten
2014-10-07 21:34 - 2014-10-07 21:34 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS
2014-10-07 21:34 - 2014-04-02 23:17 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Macromedia
2014-10-07 21:34 - 2013-12-05 20:46 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS\AppData\Local\Apple
2014-10-07 21:34 - 2010-06-11 16:44 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS\AppData\Local\Microsoft Help
2014-10-07 21:34 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-07 21:34 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-07 21:33 - 2012-02-11 10:03 - 00082520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr11.0.2100.60.dll
2014-10-07 21:33 - 2012-02-11 10:02 - 00045656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL11.SQLEXPRESS-sqlagtctr.dll
2014-10-07 21:33 - 2012-02-11 08:46 - 00180312 _____ (Microsoft Corporation) C:\Windows\system32\hadrres.dll
2014-10-07 21:33 - 2012-02-11 08:46 - 00082520 _____ (Microsoft Corporation) C:\Windows\system32\fssres.dll
2014-10-07 21:33 - 2012-02-11 08:44 - 00095832 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr11.0.2100.60.dll
2014-10-07 21:33 - 2012-02-11 08:44 - 00054360 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL11.SQLEXPRESS-sqlagtctr.dll
2014-10-07 21:28 - 2014-10-07 21:28 - 00000000 ____D () C:\Windows\system32\RsFx
2014-10-07 21:26 - 2014-10-07 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2014-10-07 21:25 - 2014-10-07 21:25 - 00000000 ____D () C:\Windows\SysWOW64\1033
2014-10-07 21:25 - 2014-10-07 21:25 - 00000000 ____D () C:\Windows\system32\1033
2014-10-07 21:24 - 2014-10-07 21:24 - 00000000 ____D () C:\Users\skyerjoe\Documents\Visual Studio 2010
2014-10-07 21:21 - 2014-10-07 21:25 - 00000000 ____D () C:\Windows\SysWOW64\1031
2014-10-07 21:20 - 2014-10-07 21:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-10-07 21:18 - 2014-10-07 21:25 - 00000000 ____D () C:\Windows\system32\1031
2014-10-07 21:18 - 2014-10-07 21:18 - 00000000 ____D () C:\Windows\symbols
2014-10-07 21:18 - 2014-10-07 21:18 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 10.0
2014-10-07 21:18 - 2014-10-07 21:18 - 00000000 ____D () C:\Program Files\Microsoft Help Viewer
         










Regards, skyerjoe

Edited by fireskyer (21.10.2014 at 23:23)

21.10.2014, 23:40   #2
fireskyer
 



FRST part 2:

Part 2:

Code:
ATTFilter
2014-10-07 21:18 - 2014-10-07 21:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-10-07 21:12 - 2014-10-07 21:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-10-07 21:12 - 2014-10-07 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012
2014-10-07 21:05 - 2014-10-07 21:07 - 18411567 _____ () C:\Users\skyerjoe\Downloads\cr_xi_xtreme_rep_smpl_en.zip
2014-10-07 20:57 - 2014-10-07 21:38 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-10-07 20:40 - 2014-10-07 20:51 - 742686296 _____ (Microsoft Corporation) C:\Users\skyerjoe\Downloads\SQLEXPRWT_x64_DEU.exe
2014-10-02 17:53 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-02 17:53 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-02 17:50 - 2014-10-04 15:18 - 00001101 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-09-24 20:56 - 2014-09-24 20:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 20:53 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 20:53 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 22:29 - 2014-04-09 23:30 - 00034959 _____ () C:\Users\skyerjoe\Downloads\FRST.txt
2014-10-21 22:29 - 2014-04-09 23:30 - 00000000 ____D () C:\FRST
2014-10-21 22:12 - 2014-02-06 00:21 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-21 22:12 - 2014-02-06 00:21 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-21 22:10 - 2014-04-09 23:32 - 00068000 _____ () C:\Users\skyerjoe\Downloads\Addition.txt
2014-10-21 21:37 - 2013-12-21 02:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-21 20:34 - 2014-04-09 23:25 - 00000530 _____ () C:\Users\skyerjoe\Downloads\defogger_disable.log
2014-10-21 20:33 - 2010-12-31 17:44 - 00002120 _____ () C:\Windows\Sandboxie.ini
2014-10-21 20:29 - 2009-07-14 06:45 - 00022752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-21 20:29 - 2009-07-14 06:45 - 00022752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-21 20:25 - 2010-06-02 14:47 - 01582306 _____ () C:\Windows\WindowsUpdate.log
2014-10-21 20:16 - 2012-03-15 16:14 - 00054732 _____ () C:\Windows\setupact.log
2014-10-21 20:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-21 20:14 - 2010-06-02 15:48 - 00000000 ____D () C:\Users\skyerjoe
2014-10-21 18:19 - 2010-06-02 15:55 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B07B1A65-7663-4533-B9F1-3274CBE7C8AF}
2014-10-21 13:25 - 2014-01-10 12:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-19 23:15 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-19 09:15 - 2014-02-06 00:21 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-18 17:56 - 2010-06-21 17:42 - 00000000 ____D () C:\Users\skyerjoe\USB-Stick
2014-10-18 17:54 - 2011-05-08 14:50 - 00000000 ____D () C:\Program Files\UlisesSoft
2014-10-18 14:06 - 2012-04-27 16:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-18 13:58 - 2014-06-20 01:17 - 00000000 ____D () C:\ProgramData\InstallShield
2014-10-18 13:55 - 2014-06-21 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2014-10-17 18:03 - 2014-01-11 19:18 - 00000000 ____D () C:\Windows\rescache
2014-10-17 15:03 - 2009-07-14 06:45 - 00453736 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 00:55 - 2010-06-02 14:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-17 00:49 - 2013-11-15 17:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 00:09 - 2010-06-15 00:00 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 19:16 - 2011-06-13 19:04 - 00000000 ____D () C:\Users\skyerjoe\AppData\Local\Deployment
2014-10-12 19:48 - 2011-04-03 19:09 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{98ADFF9C-7640-4C3E-A3B7-468DC3BE102F}
2014-10-12 15:13 - 2014-07-15 18:29 - 00000000 ____D () C:\Users\sky\AppData\Roaming\ControlCenter4
2014-10-12 15:13 - 2011-04-03 19:10 - 00000000 ____D () C:\Users\sky\AppData\Local\Mozilla
2014-10-10 16:22 - 2010-12-31 17:44 - 00001318 _____ () C:\Users\skyerjoe\Desktop\Sandboxed Web Browser.lnk
2014-10-07 21:56 - 2014-06-20 01:09 - 00000000 ____D () C:\Program Files (x86)\Business Objects
2014-10-07 21:33 - 2010-06-02 15:40 - 00806468 _____ () C:\Windows\system32\perfh007.dat
2014-10-07 21:33 - 2010-06-02 15:40 - 00184872 _____ () C:\Windows\system32\perfc007.dat
2014-10-07 21:33 - 2009-07-14 07:13 - 01912276 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-07 21:31 - 2010-06-02 14:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-10-07 21:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-07 21:02 - 2013-11-19 17:59 - 00000000 ____D () C:\Users\skyerjoe\AppData\Local\JDownloader v2.0
2014-10-04 15:18 - 2010-06-10 15:44 - 00000000 ____D () C:\Update
2014-10-02 17:50 - 2011-04-20 00:34 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2014-10-02 17:50 - 2010-01-30 00:44 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-10-02 17:49 - 2010-06-02 15:41 - 00000000 ____D () C:\Program Files\Sony
2014-10-02 17:49 - 2010-01-29 23:55 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-02 15:53 - 2010-06-30 01:44 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-24 20:38 - 2013-12-21 02:16 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 20:37 - 2013-11-14 17:20 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 20:37 - 2011-05-19 01:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\skyerjoe\fbchathistory.dat


Some content of TEMP:
====================
C:\Users\sky\AppData\Local\Temp\AskSLib.dll
C:\Users\skyerjoe\AppData\Local\Temp\0a50e25a83046228c11dcaa7eeed09bb.exe
C:\Users\skyerjoe\AppData\Local\Temp\2tjmntfy.dll
C:\Users\skyerjoe\AppData\Local\Temp\3-93kwq1.dll
C:\Users\skyerjoe\AppData\Local\Temp\aqbarqcr.exe
C:\Users\skyerjoe\AppData\Local\Temp\AskSLib.dll
C:\Users\skyerjoe\AppData\Local\Temp\HitmanPro.exe
C:\Users\skyerjoe\AppData\Local\Temp\IcqUpdater.exe
C:\Users\skyerjoe\AppData\Local\Temp\instmsia.exe
C:\Users\skyerjoe\AppData\Local\Temp\instmsiw.exe
C:\Users\skyerjoe\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\skyerjoe\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\skyerjoe\AppData\Local\Temp\proxy_vole3500956037655423508.dll
C:\Users\skyerjoe\AppData\Local\Temp\SandboxieInstall.exe
C:\Users\skyerjoe\AppData\Local\Temp\sdanircmdc.exe
C:\Users\skyerjoe\AppData\Local\Temp\sdapskill.exe
C:\Users\skyerjoe\AppData\Local\Temp\setup.exe
C:\Users\skyerjoe\AppData\Local\Temp\utt7C46.tmp.exe
C:\Users\skyerjoe\AppData\Local\Temp\vcredist_x64.exe
C:\Users\skyerjoe\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\skyerjoe\AppData\Local\Temp\_is5235.exe
C:\Users\skyerjoe\AppData\Local\Temp\_is84E8.exe
C:\Users\skyerjoe\AppData\Local\Temp\_isB78C.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-17 17:54

==================== End Of Log ============================
         
GMER.log:

Part 1:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-21 22:59:00
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465,76GB
Running: Gmer-19357(1).exe; Driver: C:\Users\skyerjoe\AppData\Local\Temp\pgtyrpod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                        fffff800035fb000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 594                                                                                        fffff800035fb042 4 bytes [00, 00, 00, 00]

---- User code sections - GMER 2.1 ----

.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                   0000000077b61360 5 bytes JMP 000000014a610460
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                            0000000077b613b0 5 bytes JMP 000000014a610450
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                            0000000077b61510 5 bytes JMP 000000014a610370
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                 0000000077b61560 5 bytes JMP 000000014a610470
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                       0000000077b61570 5 bytes JMP 000000014a6103e0
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                            0000000077b61620 5 bytes JMP 000000014a610320
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                     0000000077b61650 5 bytes JMP 000000014a6103b0
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                        0000000077b61670 5 bytes JMP 000000014a610390
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                              0000000077b616b0 5 bytes JMP 000000014a6102e0
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                            0000000077b61730 5 bytes JMP 000000014a6102d0
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                          0000000077b61750 5 bytes JMP 000000014a610310
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                           0000000077b61790 5 bytes JMP 000000014a6103c0
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                        0000000077b617e0 5 bytes JMP 000000014a6103f0
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                           0000000077b61940 5 bytes JMP 000000014a610230
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                0000000077b61b00 5 bytes JMP 000000014a610480
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                               0000000077b61b30 5 bytes JMP 000000014a6103a0
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                        0000000077b61c10 5 bytes JMP 000000014a6102f0
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                     0000000077b61c20 5 bytes JMP 000000014a610350
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                           0000000077b61c80 5 bytes JMP 000000014a610290
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                        0000000077b61d10 5 bytes JMP 000000014a6102b0
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                         0000000077b61d30 5 bytes JMP 000000014a6103d0
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                            0000000077b61d40 5 bytes JMP 000000014a610330
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                     0000000077b61db0 5 bytes JMP 000000014a610410
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                        0000000077b61de0 5 bytes JMP 000000014a610240
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                             0000000077b620a0 5 bytes JMP 000000014a6101e0
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                        0000000077b62160 5 bytes JMP 000000014a610250
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                        0000000077b62190 5 bytes JMP 000000014a610490
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                               0000000077b621a0 5 bytes JMP 000000014a6104a0
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                          0000000077b621d0 5 bytes JMP 000000014a610300
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                       0000000077b621e0 5 bytes JMP 000000014a610360
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                             0000000077b62240 5 bytes JMP 000000014a6102a0
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                          0000000077b62290 5 bytes JMP 000000014a6102c0
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                             0000000077b622c0 5 bytes JMP 000000014a610380
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                              0000000077b622d0 5 bytes JMP 000000014a610340
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                       0000000077b625c0 5 bytes JMP 000000014a610440
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                      0000000077b627c0 5 bytes JMP 000000014a610260
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                         0000000077b627d0 5 bytes JMP 000000014a610270
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                       0000000077b627e0 5 bytes JMP 000000014a610400
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                   0000000077b629a0 5 bytes JMP 000000014a6101f0
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                    0000000077b629b0 5 bytes JMP 000000014a610210
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                         0000000077b62a20 5 bytes JMP 000000014a610200
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                         0000000077b62a80 5 bytes JMP 000000014a610420
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                          0000000077b62a90 5 bytes JMP 000000014a610430
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                     0000000077b62aa0 5 bytes JMP 000000014a610220
.text     C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                             0000000077b62b80 5 bytes JMP 000000014a610280
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                 0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                          0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                          0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                               0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                     0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                          0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                   0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                      0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                            0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                          0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                        0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                         0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                      0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                         0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                              0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                             0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                      0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                   0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                         0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                      0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                       0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                          0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                   0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                      0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                           0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                      0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                      0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                             0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                        0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                     0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                           0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                        0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                           0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                            0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                     0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                    0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                       0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                     0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                 0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                  0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                       0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                       0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                        0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                   0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                           0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Windows\system32\wininit.exe[720] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                0000000077a4ef8d 1 byte [62]
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                   0000000077b61360 5 bytes JMP 000000014a610460
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                            0000000077b613b0 5 bytes JMP 000000014a610450
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                            0000000077b61510 5 bytes JMP 000000014a610370
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                 0000000077b61560 5 bytes JMP 000000014a610470
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                       0000000077b61570 5 bytes JMP 000000014a6103e0
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                            0000000077b61620 5 bytes JMP 000000014a610320
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                     0000000077b61650 5 bytes JMP 000000014a6103b0
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                        0000000077b61670 5 bytes JMP 000000014a610390
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                              0000000077b616b0 5 bytes JMP 000000014a6102e0
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                            0000000077b61730 5 bytes JMP 000000014a6102d0
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                          0000000077b61750 5 bytes JMP 000000014a610310
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                           0000000077b61790 5 bytes JMP 000000014a6103c0
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                        0000000077b617e0 5 bytes JMP 000000014a6103f0
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                           0000000077b61940 5 bytes JMP 000000014a610230
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                0000000077b61b00 5 bytes JMP 000000014a610480
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                               0000000077b61b30 5 bytes JMP 000000014a6103a0
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                        0000000077b61c10 5 bytes JMP 000000014a6102f0
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                     0000000077b61c20 5 bytes JMP 000000014a610350
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                           0000000077b61c80 5 bytes JMP 000000014a610290
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                        0000000077b61d10 5 bytes JMP 000000014a6102b0
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                         0000000077b61d30 5 bytes JMP 000000014a6103d0
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                            0000000077b61d40 5 bytes JMP 000000014a610330
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                     0000000077b61db0 5 bytes JMP 000000014a610410
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                        0000000077b61de0 5 bytes JMP 000000014a610240
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                             0000000077b620a0 5 bytes JMP 000000014a6101e0
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                        0000000077b62160 5 bytes JMP 000000014a610250
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                        0000000077b62190 5 bytes JMP 000000014a610490
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                               0000000077b621a0 5 bytes JMP 000000014a6104a0
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                          0000000077b621d0 5 bytes JMP 000000014a610300
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                       0000000077b621e0 5 bytes JMP 000000014a610360
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                             0000000077b62240 5 bytes JMP 000000014a6102a0
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                          0000000077b62290 5 bytes JMP 000000014a6102c0
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                             0000000077b622c0 5 bytes JMP 000000014a610380
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                              0000000077b622d0 5 bytes JMP 000000014a610340
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                       0000000077b625c0 5 bytes JMP 000000014a610440
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                      0000000077b627c0 5 bytes JMP 000000014a610260
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                         0000000077b627d0 5 bytes JMP 000000014a610270
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                       0000000077b627e0 5 bytes JMP 000000014a610400
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                   0000000077b629a0 5 bytes JMP 000000014a6101f0
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                    0000000077b629b0 5 bytes JMP 000000014a610210
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                         0000000077b62a20 5 bytes JMP 000000014a610200
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                         0000000077b62a80 5 bytes JMP 000000014a610420
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                          0000000077b62a90 5 bytes JMP 000000014a610430
.text     C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                     0000000077b62aa0 5 bytes JMP 000000014a610220
.text     C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                      0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                 0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                      0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                      0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                       0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                  0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Windows\system32\winlogon.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                          0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Windows\system32\winlogon.exe[868] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000077a4ef8d 1 byte [62]
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                 0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                          0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                          0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                               0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                     0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                          0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                   0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                      0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                            0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                          0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                        0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                         0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                      0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                         0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                              0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                             0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                      0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                   0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                         0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                      0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                       0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                          0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                   0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                      0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                           0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                      0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                      0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                             0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                        0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                     0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                           0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                        0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                           0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                            0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                     0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                    0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                       0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                     0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                 0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                  0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                       0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                       0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                        0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                   0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                           0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                 0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                          0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                          0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                               0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                     0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                          0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                   0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                      0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                            0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                          0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                        0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                         0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                      0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                         0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                              0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                             0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                      0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                   0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                         0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                      0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                       0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                          0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                   0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                      0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                           0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                      0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                      0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                             0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                        0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                     0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                           0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                        0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                           0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                            0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                     0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                    0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                       0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                     0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                 0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                  0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                       0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                       0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                        0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                   0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                           0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Windows\system32\svchost.exe[416] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                0000000077a4ef8d 1 byte [62]
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                         0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                         0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                              0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                         0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                  0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                     0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                           0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                         0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                       0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                        0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                     0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                        0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                             0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                            0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                     0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                  0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                        0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                     0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                      0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                         0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                  0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                     0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                          0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                     0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                     0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                            0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                       0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                    0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                          0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                       0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                          0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                           0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                    0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                   0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                      0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                 0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                      0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                      0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                       0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                  0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                          0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Windows\system32\atiesrxx.exe[744] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000077a4ef8d 1 byte [62]
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                         0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                         0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                              0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                         0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                  0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                     0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                           0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                         0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                       0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                        0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                     0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                        0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                             0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                            0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                     0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                  0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                        0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                     0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                      0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                         0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                  0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                     0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                          0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                     0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                     0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                            0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                       0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                    0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                          0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                       0000000077b62290 5 bytes JMP 0000000077cc02c0
         


Old 21.10.2014, 23:42   #3
fireskyer

After starting Firefox, there are constant attempts to download a RAR file.



GMER:

Part 2:

Code:
ATTFilter
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                          0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                           0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                    0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                   0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                      0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                 0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                      0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                      0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                       0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                  0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                          0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000077a4ef8d 1 byte [62]
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                0000000077b61360 5 bytes JMP 0000000100070460
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                         0000000077b613b0 5 bytes JMP 0000000100070450
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                         0000000077b61510 5 bytes JMP 0000000100070370
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                              0000000077b61560 5 bytes JMP 0000000100070470
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077b61570 5 bytes JMP 00000001000703e0
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                         0000000077b61620 5 bytes JMP 0000000100070320
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                  0000000077b61650 5 bytes JMP 00000001000703b0
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                     0000000077b61670 5 bytes JMP 0000000100070390
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                           0000000077b616b0 5 bytes JMP 00000001000702e0
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                         0000000077b61730 5 bytes JMP 00000001000702d0
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                       0000000077b61750 5 bytes JMP 0000000100070310
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                        0000000077b61790 5 bytes JMP 00000001000703c0
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                     0000000077b617e0 5 bytes JMP 00000001000703f0
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                        0000000077b61940 5 bytes JMP 0000000100070230
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                             0000000077b61b00 5 bytes JMP 0000000100070480
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                            0000000077b61b30 5 bytes JMP 00000001000703a0
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                     0000000077b61c10 5 bytes JMP 00000001000702f0
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                  0000000077b61c20 5 bytes JMP 0000000100070350
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                        0000000077b61c80 5 bytes JMP 0000000100070290
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                     0000000077b61d10 5 bytes JMP 00000001000702b0
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                      0000000077b61d30 5 bytes JMP 00000001000703d0
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                         0000000077b61d40 5 bytes JMP 0000000100070330
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                  0000000077b61db0 5 bytes JMP 0000000100070410
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                     0000000077b61de0 5 bytes JMP 0000000100070240
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                          0000000077b620a0 5 bytes JMP 00000001000701e0
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                     0000000077b62160 5 bytes JMP 0000000100070250
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                     0000000077b62190 5 bytes JMP 0000000100070490
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                            0000000077b621a0 5 bytes JMP 00000001000704a0
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                       0000000077b621d0 5 bytes JMP 0000000100070300
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                    0000000077b621e0 5 bytes JMP 0000000100070360
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                          0000000077b62240 5 bytes JMP 00000001000702a0
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                       0000000077b62290 5 bytes JMP 00000001000702c0
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                          0000000077b622c0 5 bytes JMP 0000000100070380
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                           0000000077b622d0 5 bytes JMP 0000000100070340
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                    0000000077b625c0 5 bytes JMP 0000000100070440
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                   0000000077b627c0 5 bytes JMP 0000000100070260
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                      0000000077b627d0 5 bytes JMP 0000000100070270
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077b627e0 5 bytes JMP 0000000100070400
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                0000000077b629a0 5 bytes JMP 00000001000701f0
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                 0000000077b629b0 5 bytes JMP 0000000100070210
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                      0000000077b62a20 5 bytes JMP 0000000100070200
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                      0000000077b62a80 5 bytes JMP 0000000100070420
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                       0000000077b62a90 5 bytes JMP 0000000100070430
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                  0000000077b62aa0 5 bytes JMP 0000000100070220
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                          0000000077b62b80 5 bytes JMP 0000000100070280
.text     C:\Windows\System32\svchost.exe[1068] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000077a4ef8d 1 byte [62]
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                         0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                         0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                              0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                         0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                  0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                     0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                           0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                         0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                       0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                        0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                     0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                        0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                             0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                            0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                     0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                  0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                        0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                     0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                      0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                         0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                  0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                     0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                          0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                     0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                     0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                            0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                       0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                    0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                          0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                       0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                          0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                           0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                    0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                   0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                      0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                 0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                      0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                      0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                       0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                  0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                          0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000077a4ef8d 1 byte [62]
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                         0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                         0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                              0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                         0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                  0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                     0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                           0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                         0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                       0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                        0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                     0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                        0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                             0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                            0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                     0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                  0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                        0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                     0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                      0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                         0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                  0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                     0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                          0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                     0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                     0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                            0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                       0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                    0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                          0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                       0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                          0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                           0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                    0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                   0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                      0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                 0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                      0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                      0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                       0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                  0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                          0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000077a4ef8d 1 byte [62]
.text     C:\Program Files (x86)\Rohos\agent.exe[1304] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                        0000000075b8a2fd 1 byte [62]
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                               0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                        0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                        0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                             0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                   0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                        0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                 0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                    0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                          0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                        0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                      0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                       0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                    0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                       0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                            0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                           0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                    0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                 0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                       0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                    0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                     0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                        0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                 0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                    0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                         0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                    0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                    0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                           0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                      0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                   0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                         0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                      0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                         0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                          0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                   0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                  0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                     0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                   0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                               0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                     0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                     0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                      0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                 0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Windows\system32\atieclxx.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                         0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                         0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                  0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                  0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                       0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                             0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                  0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                           0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                              0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                    0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                  0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                 0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                              0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                 0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                      0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                     0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                              0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                           0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                 0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                              0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                               0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                  0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                           0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                              0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                   0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                              0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                              0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                     0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                             0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                   0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                   0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                    0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                             0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                            0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                               0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                             0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                         0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                          0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                               0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                               0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                           0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Program Files\Sandboxie\SbieSvc.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                   0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                         0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                         0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                              0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                         0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                  0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                     0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                           0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                         0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                       0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                        0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                     0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                        0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                             0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                            0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                     0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                  0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                        0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                     0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                      0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                         0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                  0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                     0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                          0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                     0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                     0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                            0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                       0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                    0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                          0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                       0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                          0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                           0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                    0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                   0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                      0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                 0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                      0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                      0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                       0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                  0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                          0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                         0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                         0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                              0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                         0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                  0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                     0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                           0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                         0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                       0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                        0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                     0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                        0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                             0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                            0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                     0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                  0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                        0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                     0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                      0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                         0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                  0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                     0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                          0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                     0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                     0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                            0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                       0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                    0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                          0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                       0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                          0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                           0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                    0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                   0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                      0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                 0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                      0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                      0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                       0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                  0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                          0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Windows\System32\spoolsv.exe[1836] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000077a4ef8d 1 byte [62]
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                         0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                         0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                              0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                         0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                  0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                     0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                           0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                         0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                       0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                        0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                     0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                        0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                             0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                            0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                     0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                  0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                        0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                     0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                      0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                         0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                  0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                     0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                          0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                     0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                     0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                            0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                       0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                    0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                          0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                       0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                          0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                           0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                    0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                   0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                      0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                 0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                      0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                      0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                       0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                  0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                          0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1256] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000075b8a2fd 1 byte [62]
.text     C:\Program Files (x86)\avmwlanstick\WlanNetService.exe[2120] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                        0000000075b8a2fd 1 byte [62]
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                     0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                              0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                              0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                   0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                         0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                              0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                       0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                          0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                              0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                            0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                             0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                          0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                             0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                  0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                 0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                          0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                       0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                             0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                          0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                           0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                              0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                       0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                          0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                               0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                          0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                          0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                 0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                            0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                         0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                               0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                            0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                               0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                         0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                        0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                           0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                         0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                     0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                      0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                           0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                           0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                            0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                       0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                               0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                        0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                 0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                 0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                      0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                            0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                 0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                          0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                             0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                   0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                 0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                               0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                             0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                     0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                    0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                             0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                          0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                             0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                              0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                 0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                          0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                             0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                  0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                             0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                             0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                    0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                               0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                            0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                  0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                               0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                  0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                   0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                            0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                           0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                              0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                            0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                        0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                         0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                              0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                              0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                               0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                          0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                  0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2216] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                       0000000077a4ef8d 1 byte [62]
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                         0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                         0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                              0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                         0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                  0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                     0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                           0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                         0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                       0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                        0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                     0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                        0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                             0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                            0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                     0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                  0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                        0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                     0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                      0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                         0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                  0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                     0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                          0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                     0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                     0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                            0000000077b621a0 5 bytes JMP 0000000077cc04a0
         

21.10.2014, 23:44   #4
fireskyer

After Firefox starts, it keeps trying to download a RAR file.



Gmer:

Part 3:

Code:
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                       0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                    0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                          0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                       0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                          0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                           0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                    0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                   0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                      0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                 0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                      0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                      0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                       0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                  0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Windows\system32\svchost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                          0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2400] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                           0000000075b8a2fd 1 byte [62]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2476] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                0000000075b8a2fd 1 byte [62]
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                         0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                         0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                              0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                         0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                  0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                     0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                           0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                         0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                       0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                        0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                     0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                        0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                             0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                            0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                     0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                  0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                        0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                     0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                      0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                         0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                  0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                     0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                          0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                     0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                     0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                            0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                       0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                    0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                          0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                       0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                          0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                           0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                    0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                   0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                      0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                 0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                      0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                      0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                       0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                  0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Windows\System32\svchost.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                          0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe[2864] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                   0000000075b8a2fd 1 byte [62]
.text     c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2900] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                     0000000075b8a2fd 1 byte [62]
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                         0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                         0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                              0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                         0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                  0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                     0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                           0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                         0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                       0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                        0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                     0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                        0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                             0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                            0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                     0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                  0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                        0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                     0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                      0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                         0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                  0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                     0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                          0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                     0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                     0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                            0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                       0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                    0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                          0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                       0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                          0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                           0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                    0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                   0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                      0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                 0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                      0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                      0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                       0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                  0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Windows\System32\svchost.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                          0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe[2948] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                         0000000075b8a2fd 1 byte [62]
.text     C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3004] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                   0000000075b8a2fd 1 byte [62]
.text     C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                 0000000077021465 2 bytes [02, 77]
.text     C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                00000000770214bb 2 bytes [02, 77]
.text     ...                                                                                                                                                       * 2
.text     C:\Program Files (x86)\Secunia\PSI\sua.exe[3040] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                    0000000075b8a2fd 1 byte [62]
.text     C:\Program Files (x86)\Secunia\PSI\sua.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                  0000000077021465 2 bytes [02, 77]
.text     C:\Program Files (x86)\Secunia\PSI\sua.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                 00000000770214bb 2 bytes [02, 77]
.text     ...                                                                                                                                                       * 2
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                  0000000077b61360 5 bytes JMP 0000000100290460
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                           0000000077b613b0 5 bytes JMP 0000000100290450
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                           0000000077b61510 5 bytes JMP 0000000100290370
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                0000000077b61560 5 bytes JMP 0000000100290470
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                      0000000077b61570 5 bytes JMP 00000001002903e0
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                           0000000077b61620 5 bytes JMP 0000000100290320
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                    0000000077b61650 5 bytes JMP 00000001002903b0
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                       0000000077b61670 5 bytes JMP 0000000100290390
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                             0000000077b616b0 5 bytes JMP 00000001002902e0
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                           0000000077b61730 5 bytes JMP 00000001002902d0
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                         0000000077b61750 5 bytes JMP 0000000100290310
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                          0000000077b61790 5 bytes JMP 00000001002903c0
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                       0000000077b617e0 5 bytes JMP 00000001002903f0
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                          0000000077b61940 5 bytes JMP 0000000100290230
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                               0000000077b61b00 5 bytes JMP 0000000100290480
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                              0000000077b61b30 5 bytes JMP 00000001002903a0
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                       0000000077b61c10 5 bytes JMP 00000001002902f0
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                    0000000077b61c20 5 bytes JMP 0000000100290350
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                          0000000077b61c80 5 bytes JMP 0000000100290290
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                       0000000077b61d10 5 bytes JMP 00000001002902b0
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                        0000000077b61d30 5 bytes JMP 00000001002903d0
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                           0000000077b61d40 5 bytes JMP 0000000100290330
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                    0000000077b61db0 5 bytes JMP 0000000100290410
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                       0000000077b61de0 5 bytes JMP 0000000100290240
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                            0000000077b620a0 5 bytes JMP 00000001002901e0
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                       0000000077b62160 5 bytes JMP 0000000100290250
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                       0000000077b62190 5 bytes JMP 0000000100290490
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                              0000000077b621a0 5 bytes JMP 00000001002904a0
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                         0000000077b621d0 5 bytes JMP 0000000100290300
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                      0000000077b621e0 5 bytes JMP 0000000100290360
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                            0000000077b62240 5 bytes JMP 00000001002902a0
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                         0000000077b62290 5 bytes JMP 00000001002902c0
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                            0000000077b622c0 5 bytes JMP 0000000100290380
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                             0000000077b622d0 5 bytes JMP 0000000100290340
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                      0000000077b625c0 5 bytes JMP 0000000100290440
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                     0000000077b627c0 5 bytes JMP 0000000100290260
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                        0000000077b627d0 5 bytes JMP 0000000100290270
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                      0000000077b627e0 5 bytes JMP 0000000100290400
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                  0000000077b629a0 5 bytes JMP 00000001002901f0
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                   0000000077b629b0 5 bytes JMP 0000000100290210
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                        0000000077b62a20 5 bytes JMP 0000000100290200
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                        0000000077b62a80 5 bytes JMP 0000000100290420
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                         0000000077b62a90 5 bytes JMP 0000000100290430
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                    0000000077b62aa0 5 bytes JMP 0000000100290220
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                            0000000077b62b80 5 bytes JMP 0000000100290280
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                         0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                         0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                              0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                         0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                  0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                     0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                           0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                         0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                       0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                        0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                     0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                        0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                             0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                            0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                     0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                  0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                        0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                     0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                      0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                         0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                  0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                     0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                          0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                     0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                     0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                            0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                       0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                    0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                          0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                       0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                          0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                           0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                    0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                   0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                      0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                 0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                      0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                      0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                       0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                  0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Windows\system32\svchost.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                          0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[2296] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                             0000000075b8a2fd 1 byte [62]
.text     C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[2572] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                       0000000075b8a2fd 1 byte [62]
.text     C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe[2072] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                     0000000075b8a2fd 1 byte [62]
.text     C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   0000000077021465 2 bytes [02, 77]
.text     C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  00000000770214bb 2 bytes [02, 77]
.text     ...                                                                                                                                                       * 2
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                        0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                 0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                 0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                      0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                            0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                 0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                          0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                             0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                   0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                 0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                               0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                             0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                     0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                    0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                             0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                          0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                             0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                              0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                 0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                          0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                             0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                  0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                             0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                             0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                    0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                               0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                            0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                  0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                               0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                  0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                   0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                            0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                           0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                              0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                            0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                        0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                         0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                              0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                              0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                               0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                          0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[3076] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                  0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Windows\System32\svchost.exe[3104] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000077a4ef8d 1 byte [62]
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3160] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112           0000000075b8a2fd 1 byte [62]
.text     C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe[3244] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                  0000000075b8a2fd 1 byte [62]
.text     C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe[3244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                0000000077021465 2 bytes [02, 77]
.text     C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe[3244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                               00000000770214bb 2 bytes [02, 77]
.text     ...                                                                                                                                                       * 2
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                         0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                         0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                              0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                         0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                  0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                     0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                           0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                         0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                       0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                        0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                     0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                        0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                             0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                            0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                     0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                  0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                        0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                     0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                      0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                         0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                  0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                     0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                          0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                     0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                     0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                            0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                       0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                    0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                          0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                       0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                          0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                           0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                    0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                   0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                      0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                 0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                      0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                      0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                       0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                  0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Windows\system32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                          0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                               0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                        0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                        0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                             0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                   0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                        0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                 0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                    0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                          0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                        0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                      0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                       0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                    0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                       0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                            0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                           0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                    0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                 0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                       0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                    0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                     0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                        0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                 0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                    0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                         0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                    0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                    0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                           0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                      0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                   0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                         0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                      0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                         0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                          0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                   0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                  0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                     0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                   0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                               0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                     0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                     0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                      0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                 0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Windows\system32\taskhost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                         0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                         0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                         0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                              0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                         0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                  0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                     0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                           0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                         0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                       0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                        0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                     0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                        0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                             0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                            0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                     0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                  0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                        0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                     0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                      0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                         0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                  0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                     0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                          0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                     0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                     0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                            0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                       0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                    0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                          0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                       0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                          0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                           0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                    0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                   0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                      0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                 0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                      0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                      0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                       0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                  0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Windows\system32\taskeng.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                          0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                    0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                             0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                             0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                  0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                        0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                             0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                      0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                         0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                               0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                             0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                           0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                            0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                         0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                            0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                 0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                         0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                      0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                            0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                         0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                          0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                             0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                      0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                         0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                              0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                         0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                         0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                           0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                        0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                              0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                           0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                              0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                               0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                        0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                       0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                          0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                        0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                    0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                     0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                          0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                          0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                           0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                      0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Windows\system32\Dwm.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                              0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                        0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                 0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                 0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                      0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                            0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                 0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                          0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                             0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                   0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                 0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                               0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                             0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                     0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                    0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                             0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                          0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                             0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                              0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                 0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                          0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                             0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                  0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                             0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                             0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                    0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                               0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                            0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                  0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                               0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                  0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                   0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                            0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                           0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                              0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                            0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                        0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                         0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                              0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                              0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                               0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                          0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                  0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Windows\Explorer.EXE[4292] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                       0000000077a4ef8d 1 byte [62]
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                             0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                      0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                      0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                           0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                 0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                      0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                               0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                  0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                        0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                      0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                    0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                     0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                  0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                     0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                          0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                         0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                  0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                               0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                     0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                  0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                   0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                      0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                               0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                  0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                       0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                  0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                  0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                         0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                    0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                 0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                       0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                    0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                       0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                        0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                 0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                   0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                 0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                             0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                              0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                   0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                   0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                    0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                               0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                       0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Program Files\Apoint\Apoint.exe[4876] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                            0000000077a4ef8d 1 byte [62]
.text     C:\Windows\System32\PrintDisp.exe[4960] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                             0000000075b8a2fd 1 byte [62]
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                           0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                    0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                    0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                         0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                               0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                    0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                             0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                      0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                    0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                  0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                   0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                   0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                        0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                       0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                             0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                   0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                 0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                    0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                             0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                     0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                       0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                  0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                               0000000077b621e0 5 bytes JMP 0000000077cc0360
         

21.10.2014, 23:45   #5
fireskyer

After Firefox starts, it keeps trying to download a RAR file the whole time.

GMER:

Part 4:

Code:
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                     0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                  0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                     0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                      0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                               0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                              0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                 0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                               0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                           0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                            0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                 0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                 0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                  0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                             0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                     0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Program Files\Apoint\ApMsgFwd.exe[4336] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                          0000000077a4ef8d 1 byte [62]
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                     0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                              0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                              0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                   0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                         0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                              0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                       0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                          0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                              0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                            0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                             0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                          0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                             0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                  0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                 0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                          0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                       0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                             0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                          0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                           0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                              0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                       0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                          0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                               0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                          0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                          0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                 0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                            0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                         0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                               0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                            0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                               0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                         0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                        0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                           0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                         0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                     0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                      0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                           0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                           0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                            0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                       0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Program Files\Sony\VAIO Power Management\SPMService.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                               0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                          0000000077b61360 5 bytes JMP 0000000100070460
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                   0000000077b613b0 5 bytes JMP 0000000100070450
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                   0000000077b61510 5 bytes JMP 0000000100070370
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                        0000000077b61560 5 bytes JMP 0000000100070470
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                              0000000077b61570 5 bytes JMP 00000001000703e0
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                   0000000077b61620 5 bytes JMP 0000000100070320
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                            0000000077b61650 5 bytes JMP 00000001000703b0
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                               0000000077b61670 5 bytes JMP 0000000100070390
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                     0000000077b616b0 5 bytes JMP 00000001000702e0
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                   0000000077b61730 5 bytes JMP 00000001000702d0
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                 0000000077b61750 5 bytes JMP 0000000100070310
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                  0000000077b61790 5 bytes JMP 00000001000703c0
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                               0000000077b617e0 5 bytes JMP 00000001000703f0
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                  0000000077b61940 5 bytes JMP 0000000100070230
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                       0000000077b61b00 5 bytes JMP 0000000100070480
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                      0000000077b61b30 5 bytes JMP 00000001000703a0
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                               0000000077b61c10 5 bytes JMP 00000001000702f0
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                            0000000077b61c20 5 bytes JMP 0000000100070350
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                  0000000077b61c80 5 bytes JMP 0000000100070290
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                               0000000077b61d10 5 bytes JMP 00000001000702b0
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                0000000077b61d30 5 bytes JMP 00000001000703d0
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                   0000000077b61d40 5 bytes JMP 0000000100070330
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                            0000000077b61db0 5 bytes JMP 0000000100070410
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                               0000000077b61de0 5 bytes JMP 0000000100070240
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                    0000000077b620a0 5 bytes JMP 00000001000701e0
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                               0000000077b62160 5 bytes JMP 0000000100070250
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                               0000000077b62190 5 bytes JMP 0000000100070490
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                      0000000077b621a0 5 bytes JMP 00000001000704a0
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                 0000000077b621d0 5 bytes JMP 0000000100070300
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                              0000000077b621e0 5 bytes JMP 0000000100070360
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                    0000000077b62240 5 bytes JMP 00000001000702a0
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                 0000000077b62290 5 bytes JMP 00000001000702c0
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                    0000000077b622c0 5 bytes JMP 0000000100070380
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                     0000000077b622d0 5 bytes JMP 0000000100070340
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                              0000000077b625c0 5 bytes JMP 0000000100070440
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                             0000000077b627c0 5 bytes JMP 0000000100070260
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                0000000077b627d0 5 bytes JMP 0000000100070270
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                              0000000077b627e0 5 bytes JMP 0000000100070400
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                          0000000077b629a0 5 bytes JMP 00000001000701f0
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                           0000000077b629b0 5 bytes JMP 0000000100070210
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                0000000077b62a20 5 bytes JMP 0000000100070200
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                0000000077b62a80 5 bytes JMP 0000000100070420
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                 0000000077b62a90 5 bytes JMP 0000000100070430
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                            0000000077b62aa0 5 bytes JMP 0000000100070220
.text     C:\Windows\system32\wbem\wmiprvse.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                    0000000077b62b80 5 bytes JMP 0000000100070280
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                          0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                   0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                   0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                        0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                              0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                   0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                            0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                               0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                     0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                   0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                 0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                  0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                               0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                  0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                       0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                      0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                               0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                            0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                  0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                               0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                   0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                            0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                               0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                    0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                               0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                               0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                      0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                 0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                              0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                    0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                 0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                    0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                     0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                              0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                             0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                              0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                          0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                           0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                 0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                            0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Windows\system32\SearchIndexer.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                    0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                             0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                      0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                      0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                           0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                 0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                      0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                               0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                  0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                        0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                      0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                    0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                     0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                  0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                     0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                          0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                         0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                  0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                               0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                     0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                  0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                   0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                      0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                               0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                  0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                       0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                  0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                  0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                         0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                    0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                 0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                       0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                    0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                       0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                        0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                 0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                   0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                 0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                             0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                              0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                   0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                   0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                    0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                               0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                       0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Program Files\Apoint\Apntex.exe[4920] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                            0000000077a4ef8d 1 byte [62]
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                         0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                         0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                              0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                         0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                  0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                     0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                           0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                         0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                       0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                        0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                     0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                        0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                             0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                            0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                     0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                  0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                        0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                     0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                      0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                         0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                  0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                     0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                          0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                     0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                     0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                            0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                       0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                    0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                          0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                       0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                          0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                           0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                    0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                   0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                      0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                 0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                      0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                      0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                       0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                  0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                          0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Windows\system32\conhost.exe[4912] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000077a4ef8d 1 byte [62]
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                              0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                       0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                       0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                            0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                  0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                       0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                   0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                         0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                       0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                     0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                      0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                   0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                      0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                           0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                          0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                   0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                      0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                   0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                    0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                       0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                   0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                        0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                   0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                   0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                          0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                     0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                  0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                        0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                     0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                        0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                         0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                  0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                 0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                    0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                  0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                              0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                               0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                    0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                    0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                     0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Program Files\Apoint\Apvfb.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                        0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                         0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                  0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                  0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                       0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                             0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                  0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                           0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                              0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                    0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                  0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                 0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                              0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                 0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                      0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                     0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                              0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                           0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                 0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                              0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                               0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                  0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                           0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                              0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                   0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                              0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                              0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                     0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                             0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                   0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                   0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                    0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                             0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                            0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                               0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                             0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                         0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                          0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                               0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                               0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                           0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                   0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4584] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                        0000000077a4ef8d 1 byte [62]
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5440] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                 0000000075b8a2fd 1 byte [62]
.text     C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe[5476] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                            0000000075b8a2fd 1 byte [62]
.text     C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe[5500] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                          0000000075b8a2fd 1 byte [62]
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                            0000000077b61360 5 bytes JMP 0000000100070460
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                     0000000077b613b0 5 bytes JMP 0000000100070450
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                     0000000077b61510 5 bytes JMP 0000000100070370
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                          0000000077b61560 5 bytes JMP 0000000100070470
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                0000000077b61570 5 bytes JMP 00000001000703e0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                     0000000077b61620 5 bytes JMP 0000000100070320
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                              0000000077b61650 5 bytes JMP 00000001000703b0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                 0000000077b61670 5 bytes JMP 0000000100070390
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                       0000000077b616b0 5 bytes JMP 00000001000702e0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                     0000000077b61730 5 bytes JMP 00000001000702d0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                   0000000077b61750 5 bytes JMP 0000000100070310
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                    0000000077b61790 5 bytes JMP 00000001000703c0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                 0000000077b617e0 5 bytes JMP 00000001000703f0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                    0000000077b61940 5 bytes JMP 0000000100070230
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                         0000000077b61b00 5 bytes JMP 0000000100070480
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                        0000000077b61b30 5 bytes JMP 00000001000703a0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                 0000000077b61c10 5 bytes JMP 00000001000702f0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                              0000000077b61c20 5 bytes JMP 0000000100070350
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                    0000000077b61c80 5 bytes JMP 0000000100070290
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                 0000000077b61d10 5 bytes JMP 00000001000702b0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                  0000000077b61d30 5 bytes JMP 00000001000703d0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                     0000000077b61d40 5 bytes JMP 0000000100070330
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                              0000000077b61db0 5 bytes JMP 0000000100070410
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                 0000000077b61de0 5 bytes JMP 0000000100070240
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                      0000000077b620a0 5 bytes JMP 00000001000701e0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                 0000000077b62160 5 bytes JMP 0000000100070250
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                 0000000077b62190 5 bytes JMP 0000000100070490
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                        0000000077b621a0 5 bytes JMP 00000001000704a0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                   0000000077b621d0 5 bytes JMP 0000000100070300
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                0000000077b621e0 5 bytes JMP 0000000100070360
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                      0000000077b62240 5 bytes JMP 00000001000702a0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                   0000000077b62290 5 bytes JMP 00000001000702c0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                      0000000077b622c0 5 bytes JMP 0000000100070380
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                       0000000077b622d0 5 bytes JMP 0000000100070340
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                0000000077b625c0 5 bytes JMP 0000000100070440
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                               0000000077b627c0 5 bytes JMP 0000000100070260
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                  0000000077b627d0 5 bytes JMP 0000000100070270
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                0000000077b627e0 5 bytes JMP 0000000100070400
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                            0000000077b629a0 5 bytes JMP 00000001000701f0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                             0000000077b629b0 5 bytes JMP 0000000100070210
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                  0000000077b62a20 5 bytes JMP 0000000100070200
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                  0000000077b62a80 5 bytes JMP 0000000100070420
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                   0000000077b62a90 5 bytes JMP 0000000100070430
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                              0000000077b62aa0 5 bytes JMP 0000000100070220
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                      0000000077b62b80 5 bytes JMP 0000000100070280
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[1208] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                      0000000075b68791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[1208] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                             0000000075b8a2fd 1 byte [62]
.text     C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[5168] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                        0000000075b8a2fd 1 byte [62]
.text     C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[5368] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                          0000000075b8a2fd 1 byte [62]
.text     C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[4684] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                 0000000075b8a2fd 1 byte [62]
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                       0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                     0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                           0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                         0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                            0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                  0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                              0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                               0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                            0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                               0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                    0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                   0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                            0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                         0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                               0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                            0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                             0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                         0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                            0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                 0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                            0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                            0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                   0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                              0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                           0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                 0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                              0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                 0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                  0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                           0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                          0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                             0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                           0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                       0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                        0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                             0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                             0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                              0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                         0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Program Files\iPod\bin\iPodService.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                 0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                          0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                   0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                   0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                        0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                              0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                   0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                            0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                               0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                     0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                   0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                 0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                  0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                               0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                  0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                       0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                      0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                               0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                            0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                  0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                               0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                   0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                            0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                               0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                    0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                               0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                               0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                      0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                 0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                              0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                    0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                 0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                    0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                     0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                              0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                             0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                              0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                          0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                           0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                 0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                            0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Windows\system32\wbem\wmiprvse.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                    0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Program Files (x86)\Browny02\BrYNSvc.exe[5748] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                   0000000075b8a2fd 1 byte [62]
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                            0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                     0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                     0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                          0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                     0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                              0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                 0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                       0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                     0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                   0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                    0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                 0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                    0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                         0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                        0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                 0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                              0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                    0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                 0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                  0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                     0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                              0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                 0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                      0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                 0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                 0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                        0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                   0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                      0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                   0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                      0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                       0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                               0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                  0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                            0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                             0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                  0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                  0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                   0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                              0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6244] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                      0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                          0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                   0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                   0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                        0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                              0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                   0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                            0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                               0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                     0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                   0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                 0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                  0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                               0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                  0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                       0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                      0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                               0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                            0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                  0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                               0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                   0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                            0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                               0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                    0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                               0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                               0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                      0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                 0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                              0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                    0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                 0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                    0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                     0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                              0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                             0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                              0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                          0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                           0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                 0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                            0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Windows\system32\wbem\unsecapp.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                    0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                0000000077b61360 5 bytes JMP 0000000077cc0460
         


21.10.2014, 23:47   #6
fireskyer

After Firefox starts, something keeps trying to download a RAR file.



GMER:

Part 5:

Code:
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                         0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                         0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                              0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                         0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                  0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                     0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                           0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                         0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                       0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                        0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                     0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                        0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                             0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                            0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                     0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                  0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                        0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                     0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                      0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                         0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                  0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                     0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                          0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                     0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                     0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                            0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                       0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                    0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                          0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                       0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                          0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                           0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                    0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                   0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                      0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                 0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                      0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                      0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                       0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                  0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Windows\system32\svchost.exe[6584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                          0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                  0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                           0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                           0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                      0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                           0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                    0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                       0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                             0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                           0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                         0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                          0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                       0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                          0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                               0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                              0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                       0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                    0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                          0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                       0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                        0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                           0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                    0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                       0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                            0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                       0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                       0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                              0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                         0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                      0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                            0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                         0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                            0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                             0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                      0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                     0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                        0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                      0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                  0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                   0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                        0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                        0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                         0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                    0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Program Files\Sony\VAIO Update\vuagent.exe[6652] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                            0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Users\skyerjoe\Downloads\Defogger(1).exe[5380] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                   0000000075b8a2fd 1 byte [62]
.text     C:\Users\skyerjoe\Downloads\Defogger(1).exe[5380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                 0000000077021465 2 bytes [02, 77]
.text     C:\Users\skyerjoe\Downloads\Defogger(1).exe[5380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                00000000770214bb 2 bytes [02, 77]
.text     ...                                                                                                                                                       * 2
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                         0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                         0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                              0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                         0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                  0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                     0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                           0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                         0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                       0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                        0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                     0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                        0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                             0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                            0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                     0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                  0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                        0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                     0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                      0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                         0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                  0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                     0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                          0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                     0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                     0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                            0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                       0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                    0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                          0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                       0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                          0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                           0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                    0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                   0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                      0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                 0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                      0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                      0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                       0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                  0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                          0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Windows\system32\conhost.exe[6936] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000077a4ef8d 1 byte [62]
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                              0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                       0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                       0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                            0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                  0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                       0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                   0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                         0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                       0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                     0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                      0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                   0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                      0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                           0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                          0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                   0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                      0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                   0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                    0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                       0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                   0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                        0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                   0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                   0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                          0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                     0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                  0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                        0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                     0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                        0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                         0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                  0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                 0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                    0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                  0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                              0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                               0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                    0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                    0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                     0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                        0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe[5412] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                             0000000077a4ef8d 1 byte [62]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6148] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                0000000075b8a2fd 1 byte [62]
.text     C:\Program Files\Sony\VAIO Care\VCService.exe[408] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                  0000000075b8a2fd 1 byte [62]
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                    0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                             0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                             0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                  0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                        0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                             0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                      0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                         0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                               0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                             0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                           0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                            0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                         0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                            0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                 0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                         0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                      0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                            0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                         0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                          0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                             0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                      0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                         0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                              0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                         0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                         0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                           0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                        0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                              0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                           0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                              0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                               0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                        0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                       0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                          0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                        0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                    0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                     0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                          0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                          0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                           0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                      0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                              0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Program Files\Sony\VAIO Care\VCAgent.exe[6732] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                   0000000077a4ef8d 1 byte [62]
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                               0000000077b61360 5 bytes JMP 0000000077cc0460
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                        0000000077b613b0 5 bytes JMP 0000000077cc0450
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                        0000000077b61510 5 bytes JMP 0000000077cc0370
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                             0000000077b61560 5 bytes JMP 0000000077cc0470
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                   0000000077b61570 5 bytes JMP 0000000077cc03e0
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                        0000000077b61620 5 bytes JMP 0000000077cc0320
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                 0000000077b61650 5 bytes JMP 0000000077cc03b0
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                    0000000077b61670 5 bytes JMP 0000000077cc0390
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                          0000000077b616b0 5 bytes JMP 0000000077cc02e0
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                        0000000077b61730 5 bytes JMP 0000000077cc02d0
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                      0000000077b61750 5 bytes JMP 0000000077cc0310
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                       0000000077b61790 5 bytes JMP 0000000077cc03c0
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                    0000000077b617e0 5 bytes JMP 0000000077cc03f0
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                       0000000077b61940 5 bytes JMP 0000000077cc0230
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                            0000000077b61b00 5 bytes JMP 0000000077cc0480
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                           0000000077b61b30 5 bytes JMP 0000000077cc03a0
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                    0000000077b61c10 5 bytes JMP 0000000077cc02f0
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                 0000000077b61c20 5 bytes JMP 0000000077cc0350
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                       0000000077b61c80 5 bytes JMP 0000000077cc0290
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                    0000000077b61d10 5 bytes JMP 0000000077cc02b0
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                     0000000077b61d30 5 bytes JMP 0000000077cc03d0
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                        0000000077b61d40 5 bytes JMP 0000000077cc0330
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                 0000000077b61db0 5 bytes JMP 0000000077cc0410
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                    0000000077b61de0 5 bytes JMP 0000000077cc0240
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                         0000000077b620a0 5 bytes JMP 0000000077cc01e0
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                    0000000077b62160 5 bytes JMP 0000000077cc0250
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                    0000000077b62190 5 bytes JMP 0000000077cc0490
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                           0000000077b621a0 5 bytes JMP 0000000077cc04a0
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                      0000000077b621d0 5 bytes JMP 0000000077cc0300
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                   0000000077b621e0 5 bytes JMP 0000000077cc0360
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                         0000000077b62240 5 bytes JMP 0000000077cc02a0
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                      0000000077b62290 5 bytes JMP 0000000077cc02c0
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                         0000000077b622c0 5 bytes JMP 0000000077cc0380
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                          0000000077b622d0 5 bytes JMP 0000000077cc0340
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                   0000000077b625c0 5 bytes JMP 0000000077cc0440
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                  0000000077b627c0 5 bytes JMP 0000000077cc0260
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                     0000000077b627d0 5 bytes JMP 0000000077cc0270
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                   0000000077b627e0 5 bytes JMP 0000000077cc0400
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                               0000000077b629a0 5 bytes JMP 0000000077cc01f0
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                0000000077b629b0 5 bytes JMP 0000000077cc0210
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                     0000000077b62a20 5 bytes JMP 0000000077cc0200
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                     0000000077b62a80 5 bytes JMP 0000000077cc0420
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                      0000000077b62a90 5 bytes JMP 0000000077cc0430
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                 0000000077b62aa0 5 bytes JMP 0000000077cc0220
.text     C:\Windows\system32\taskhost.exe[5560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                         0000000077b62b80 5 bytes JMP 0000000077cc0280
.text     C:\Users\skyerjoe\Downloads\Gmer-19357(1).exe[5612] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                 0000000075b8a2fd 1 byte [62]

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076a27abb                                                                               
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                          
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                       0x00 0x00 0x00 0x00 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                       0
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                    0x72 0x7B 0x6C 0x43 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076a27abb (not active ControlSet)                                                           
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                      
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                           0x00 0x00 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                           0
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                        0x72 0x7B 0x6C 0x43 ...

---- EOF - GMER 2.1 ----
         
Eset-online-scanner:

Code:
ATTFilter
C:\Program Files (x86)\ICQ7.2\upgrade\2dcd1d63cb45e6613582211c3d5f4b23	Win32/OpenCandy potenziell unsichere Anwendung
C:\Program Files (x86)\ICQ7.2\upgrade\53e83dd5315bfb1f928441c9b4618b68	Win32/OpenCandy potenziell unsichere Anwendung
C:\Program Files (x86)\SIW\siw.exe	Variante von Win32/RemoteAdmin.RemoteExec.AA potenziell unsichere Anwendung
C:\UBCD4Win\UBCD4WinBuilder.iso	Variante von Win32/Toolbar.Conduit.I evtl. unerwünschte Anwendung
C:\UBCD4Win\UBCD4Windows2.iso	Variante von Win32/Toolbar.Conduit.I evtl. unerwünschte Anwendung
C:\UBCD4Win\BartPE\plugin\CDBurning\ExpressBurn\expressburn.exe	Variante von Win32/Toolbar.Conduit.I evtl. unerwünschte Anwendung
C:\UBCD4Win\BartPE\plugin\Cleanup Tools\SDFix\SDFix.exe	Win32/PrcView potenziell unsichere Anwendung
C:\UBCD4Win\BartPE\plugin\System-Info\Information\SysInfo\sysinfo.7z	Variante von Win32/RemoteAdmin.RemoteExec.AA potenziell unsichere Anwendung
C:\UBCD4Win\BartPE\PROGRAMS\ExpressBurn\expressburn.exe	Variante von Win32/Toolbar.Conduit.I evtl. unerwünschte Anwendung
C:\UBCD4Win\BartPE\PROGRAMS\sdfix\SDFix.exe	Win32/PrcView potenziell unsichere Anwendung
C:\UBCD4Win\BartPE\PROGRAMS\SysInfo\sysinfo.7z	Variante von Win32/RemoteAdmin.RemoteExec.AA potenziell unsichere Anwendung
C:\UBCD4Win\plugin\CDBurning\ExpressBurn\expressburn.exe	Variante von Win32/Toolbar.Conduit.I evtl. unerwünschte Anwendung
C:\UBCD4Win\plugin\Cleanup Tools\SDFix\SDFix.exe	Win32/PrcView potenziell unsichere Anwendung
C:\UBCD4Win\plugin\System-Info\Information\SysInfo\sysinfo.7z	Variante von Win32/RemoteAdmin.RemoteExec.AA potenziell unsichere Anwendung
C:\Users\sky\AppData\Local\Temp\AskSLib.dll	Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung
C:\Users\skyerjoe\AppData\Local\Temp\AskSLib.dll	Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung
C:\Users\skyerjoe\AppData\Local\Temp\is357113909\4807726_stp\wajam_validate.exe	Win32/Wajam.F evtl. unerwünschte Anwendung
C:\Users\skyerjoe\AppData\Local\Temp\is961225091\wajam_validate.exe	Win32/Wajam.F evtl. unerwünschte Anwendung
C:\Users\skyerjoe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\4b211524-78b104e0	Java/Exploit.Agent.NBV Trojaner
C:\Users\skyerjoe\Desktop\FritzRePass+U3\Portable\FritzRePass.exe	Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung
C:\Users\skyerjoe\Desktop\FritzRePass+U3\U3\FritzRePassU3.exe	Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung
C:\Users\skyerjoe\Desktop\sciherung\Private\102033E6\MIDlets\[1016b656]\mini.jar	J2ME/TrojanSMS.Agent.EG Trojaner
C:\Users\skyerjoe\Desktop\siw\SIWPortable\SIWPortable.exe	Variante von Win32/RemoteAdmin.RemoteExec.AA potenziell unsichere Anwendung
C:\Users\skyerjoe\Documents\downloads\Integrated_BrotherSoft_TB.exe	Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\Users\skyerjoe\Downloads\avira_free_antivirus_de.exe	Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung
C:\Users\skyerjoe\Downloads\cdbxp_setup_4.3.7.2356.exe	Win32/OpenCandy potenziell unsichere Anwendung
C:\Users\skyerjoe\Downloads\Driver.Genius.Professional.10.0.0.526.rar	Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\Users\skyerjoe\Downloads\FritzRePass1.20-U3(1).zip	Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung
C:\Users\skyerjoe\Downloads\FritzRePass1.20-U3-tmp.zip	Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung
C:\Users\skyerjoe\Downloads\FritzRePass1.20-U3.zip	Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung
C:\Users\skyerjoe\Downloads\goPod-Setup(1).exe	Win32/WinloadSDA.C evtl. unerwünschte Anwendung
C:\Users\skyerjoe\Downloads\goPod-Setup.exe	Win32/WinloadSDA.C evtl. unerwünschte Anwendung
C:\Users\skyerjoe\Downloads\isobuster_install.exe	Win32/SmartFileAdvisor.A evtl. unerwünschte Anwendung
C:\Users\skyerjoe\Downloads\KeyFinderInstaller.exe	Win32/OpenCandy potenziell unsichere Anwendung
C:\Users\skyerjoe\Downloads\NetTools5.0.70.zip	Variante von Win32/NetTool.Portscan.AA potenziell unsichere Anwendung
C:\Users\skyerjoe\Downloads\PDF XChange Viewer - CHIP-Downloader.exe	Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
C:\Users\skyerjoe\Downloads\ruKernelTool(1).zip	Win32/Packed.Autoit.H evtl. unerwünschte Anwendung
C:\Users\skyerjoe\Downloads\ruKernelTool.zip	Win32/Packed.Autoit.H evtl. unerwünschte Anwendung
C:\Users\skyerjoe\Downloads\Samsung_GSM(2G)_GT-E1200_Treiber_Update_01-2014.exe	Variante von Win32/Systweak.H evtl. unerwünschte Anwendung
C:\Users\skyerjoe\Downloads\siw-setup(1).exe	Variante von Win32/RemoteAdmin.RemoteExec.AA potenziell unsichere Anwendung
C:\Users\skyerjoe\Downloads\siw-setup.exe	Win32/InstallMonetizer.AF evtl. unerwünschte Anwendung
C:\Users\skyerjoe\Downloads\SIWPortable_2011.10.29.paf.exe	Variante von Win32/RemoteAdmin.RemoteExec.AA potenziell unsichere Anwendung
C:\Users\skyerjoe\Downloads\Virtual CloneDrive - CHIP-Downloader.exe	Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
C:\Users\skyerjoe\Downloads\vshare-plugin.exe	Win32/TopMedia.A evtl. unerwünschte Anwendung
C:\Users\skyerjoe\Downloads\Word Viewer - CHIP-Installer.exe	Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
C:\Users\skyerjoe\Downloads\ZipSetup.exe	Variante von Win32/InstallCore.IX evtl. unerwünschte Anwendung
C:\Users\skyerjoe\Downloads\Fritz Recover\FritzRePass1.20+U3.zip	Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung
C:\Users\skyerjoe\Downloads\Fritz Recover\FritzRePass1.20+U3\FritzRePass+U3\U3\FritzRePassU3.exe	Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung
C:\Users\skyerjoe\Downloads\FritzRePass+U3\Portable\FritzRePass.exe	Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung
C:\Users\skyerjoe\Downloads\FritzRePass+U3\U3\FritzRePassU3.exe	Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung
C:\Users\skyerjoe\Downloads\FritzRePass1.20+U3\FritzRePass+U3\Portable\FritzRePass.exe	Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung
C:\Users\skyerjoe\Downloads\FritzRePass1.20+U3\FritzRePass+U3\U3\FritzRePassU3.exe	Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung
C:\Users\skyerjoe\Downloads\ruKernelTool(1)\ruKernelTool\_Lib_\PrettyPrintFirmwareLinkListe.exe	Win32/Packed.Autoit.H evtl. unerwünschte Anwendung
         

Alt 22.10.2014, 11:40   #7
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

Please download Revo Uninstaller from here: Download Revo Uninstaller (alternatively, the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Options and select German as the language.
  • In the uninstaller panel, look for the following programs:

    DAEMON Tools Toolbar

    Funmoods Web Search

    Update for Zip Opener

    vShare.tv plugin 1.3


  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderat" (moderate) mode.
  • Delete leftovers:
    Click on, then on, and then on .

 





Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 22.10.2014, 19:18   #8
fireskyer
 


Hello Schrauber,

Thanks in advance for the help....

What matters to me personally is finding the reason why this happens, so not only that it no longer occurs, but also why it occurred.

It would be nice if you could take that into account in your approach.

Thanks

Alt 23.10.2014, 17:35   #9
schrauber
/// the machine
/// TB-Ausbilder
 




Ehm, what exactly do you mean?

Alt 28.10.2014, 23:36   #10
fireskyer
 



Quote:
hm, what exactly do you mean?
I just mean that with some cleanups it gets hard to trace things back to the cause .. no idea, I don't really know much about this ...

Here is the Combofix.txt:

Combofix logfile:

Code:
ATTFilter
ComboFix 14-10-21.01 - skyerjoe 22.10.2014  20:33:01.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3950.1584 [GMT 2:00]
ausgeführt von:: c:\users\skyerjoe\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\skyerjoe\AppData\Roaming\.#
c:\users\skyerjoe\plugins .txt
c:\windows\iun6002.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-09-22 bis 2014-10-22  ))))))))))))))))))))))))))))))
.
.
2014-10-22 18:46 . 2014-10-22 18:46	--------	d-----w-	c:\users\sky\AppData\Local\temp
2014-10-22 18:46 . 2014-10-22 18:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-10-21 11:37 . 2014-10-14 19:59	11627712	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{399C02BD-98AF-4861-A997-8837CCA18546}\mpengine.dll
2014-10-16 17:20 . 2014-09-29 00:58	3198976	----a-w-	c:\windows\system32\win32k.sys
2014-10-16 17:20 . 2014-06-18 22:23	156312	----a-w-	c:\windows\system32\mscorier.dll
2014-10-16 17:20 . 2014-06-18 22:23	156824	----a-w-	c:\windows\SysWow64\mscorier.dll
2014-10-16 17:20 . 2014-06-18 22:23	1131664	----a-w-	c:\windows\SysWow64\dfshim.dll
2014-10-16 17:20 . 2014-06-18 22:23	73880	----a-w-	c:\windows\system32\mscories.dll
2014-10-16 17:20 . 2014-06-18 22:23	1943696	----a-w-	c:\windows\system32\dfshim.dll
2014-10-16 17:20 . 2014-06-18 22:23	81560	----a-w-	c:\windows\SysWow64\mscories.dll
2014-10-16 17:18 . 2014-09-18 02:00	3241472	----a-w-	c:\windows\system32\msi.dll
2014-10-16 17:18 . 2014-09-18 01:32	2363904	----a-w-	c:\windows\SysWow64\msi.dll
2014-10-16 17:18 . 2014-09-04 05:23	424448	----a-w-	c:\windows\system32\rastls.dll
2014-10-16 17:18 . 2014-09-04 05:04	372736	----a-w-	c:\windows\SysWow64\rastls.dll
2014-10-16 17:16 . 2014-09-13 01:58	77312	----a-w-	c:\windows\system32\packager.dll
2014-10-16 17:16 . 2014-09-13 01:40	67072	----a-w-	c:\windows\SysWow64\packager.dll
2014-10-12 13:20 . 2014-10-12 13:20	--------	d-----w-	c:\users\sky\AppData\Local\Apple
2014-10-12 13:19 . 2014-10-12 13:19	--------	d-----w-	c:\users\sky\AppData\Local\Macromedia
2014-10-09 16:59 . 2014-10-09 16:59	--------	d-----w-	c:\program files (x86)\ESET
2014-10-07 19:38 . 2014-10-07 19:38	--------	d-----w-	c:\users\skyerjoe\AppData\Local\Microsoft_Corporation
2014-10-07 19:34 . 2014-10-07 19:34	--------	d-----w-	c:\users\MSSQL$SQLEXPRESS
2014-10-07 19:33 . 2012-02-11 08:02	45656	----a-w-	c:\windows\SysWow64\perf-MSSQL11.SQLEXPRESS-sqlagtctr.dll
2014-10-07 19:33 . 2012-02-11 06:44	54360	----a-w-	c:\windows\system32\perf-MSSQL11.SQLEXPRESS-sqlagtctr.dll
2014-10-07 19:33 . 2012-02-11 08:03	82520	----a-w-	c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr11.0.2100.60.dll
2014-10-07 19:33 . 2012-02-11 06:44	95832	----a-w-	c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr11.0.2100.60.dll
2014-10-07 19:33 . 2012-02-11 06:46	82520	----a-w-	c:\windows\system32\fssres.dll
2014-10-07 19:33 . 2012-02-11 06:46	180312	----a-w-	c:\windows\system32\hadrres.dll
2014-10-07 19:28 . 2014-10-07 19:28	--------	d-----w-	c:\windows\system32\RsFx
2014-10-07 19:27 . 2014-10-07 19:27	--------	d-----w-	c:\program files\Microsoft.NET
2014-10-07 19:25 . 2014-10-07 19:25	--------	d-----w-	c:\windows\SysWow64\1033
2014-10-07 19:25 . 2014-10-07 19:25	--------	d-----w-	c:\windows\system32\1033
2014-10-07 19:25 . 2014-10-08 18:07	84832	----a-w-	c:\programdata\Microsoft\VisualStudio\10.0\1031\ResourceCache.dll
2014-10-07 19:21 . 2014-10-07 19:25	--------	d-----w-	c:\windows\SysWow64\1031
2014-10-07 19:20 . 2014-10-07 19:22	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 10.0
2014-10-07 19:18 . 2014-10-07 19:18	--------	d-----w-	c:\windows\symbols
2014-10-07 19:18 . 2014-10-07 19:25	--------	d-----w-	c:\windows\system32\1031
2014-10-07 19:18 . 2014-10-07 19:18	--------	d-----w-	c:\program files\Microsoft Visual Studio 10.0
2014-10-07 19:18 . 2014-10-07 19:18	--------	d-----w-	c:\program files\Microsoft Help Viewer
2014-10-07 19:18 . 2014-10-07 19:18	--------	d-----w-	c:\program files (x86)\Microsoft SDKs
2014-10-07 19:12 . 2014-10-07 19:38	--------	d-----w-	c:\program files (x86)\Microsoft SQL Server
2014-10-07 18:57 . 2014-10-07 19:38	--------	d-----w-	c:\program files\Microsoft SQL Server
2014-10-02 15:53 . 2014-09-25 02:08	371712	----a-w-	c:\windows\system32\qdvd.dll
2014-10-02 15:53 . 2014-09-25 01:40	519680	----a-w-	c:\windows\SysWow64\qdvd.dll
2014-09-24 18:53 . 2014-09-09 22:11	2048	----a-w-	c:\windows\system32\tzres.dll
2014-09-24 18:53 . 2014-09-09 21:47	2048	----a-w-	c:\windows\SysWow64\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-16 22:09 . 2010-06-14 22:00	103265616	----a-w-	c:\windows\system32\MRT.exe
2014-10-02 13:53 . 2010-06-29 23:44	278152	------w-	c:\windows\system32\MpSigStub.exe
2014-09-24 18:37 . 2013-11-14 15:20	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-24 18:37 . 2011-05-18 23:19	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-09 12:15 . 2014-09-09 12:15	2273432	----a-w-	c:\windows\SysWow64\Ddbaccpl.cpl
2014-09-09 12:15 . 2014-09-09 12:15	1659544	----a-w-	c:\windows\SysWow64\ddBACCTM.cpl
2014-08-23 02:07 . 2014-08-29 21:01	404480	----a-w-	c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-29 21:01	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2014-08-01 11:53 . 2014-09-12 16:39	1031168	----a-w-	c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-12 16:39	793600	----a-w-	c:\windows\SysWow64\TSWorkspace.dll
2014-07-25 00:35 . 2014-07-25 00:35	875688	----a-w-	c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47	869544	----a-w-	c:\windows\system32\msvcr120_clr0400.dll
2007-03-12 16:59 . 2007-03-12 16:59	299008	----a-w-	c:\program files (x86)\navigram_register.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-06-02 12:53	433648	----a-w-	c:\programdata\Partner\Partner.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rohos"="c:\program files (x86)\Rohos\agent.exe" [2011-05-17 801080]
"AVMUSBFernanschluss"="c:\users\skyerjoe\AppData\Local\Apps\2.0\BTH1ZOGT.8OZ\L89TLL57.57W\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\AVMAutoStart.exe" [2014-04-03 139264]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2014-10-14 784904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2010-09-05 1655296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-20 102400]
"Ext2 Volume Manager"="c:\program files\Ext2Fsd\Ext2Mgr.exe" [2011-02-05 1211536]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Tiny DHCP Server"="c:\program files (x86)\Tiny DHCP Server\dhcpsrv.exe" [2011-08-30 94208]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-04-23 43848]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-05-26 152392]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2011-08-02 46952]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2011-08-02 30568]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2014-06-16 139776]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
windata Zahlungserinnerung.lnk - c:\windata\Home\windataZahlungserinnerung.exe [2014-1-14 698040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-12-01 20:03	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ESRV_SVC;Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]
R2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe;c:\windows\SYSNATIVE\PrintCtrl.exe [x]
R2 Rohos Disk;Rohos Disk service;c:\program files (x86)\Rohos\agent.exe;c:\program files (x86)\Rohos\agent.exe [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]
R3 BazisPortableCDBus;Portable WinCDEmu driver;c:\windows\system32\drivers\BazisPortableCDBus.sys;c:\windows\SYSNATIVE\drivers\BazisPortableCDBus.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusbn.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;c:\program files (x86)\Sony\MSS\3.8.130\McCHSvc.exe;c:\program files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TVICHW64;TVICHW64;c:\windows\system32\DRIVERS\TVICHW64.SYS;c:\windows\SYSNATIVE\DRIVERS\TVICHW64.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe;c:\programdata\Partner\Partner.exe [x]
R4 RsFx0200;RsFx0200 Driver;c:\windows\system32\DRIVERS\RsFx0200.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0200.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys;c:\windows\SYSNATIVE\DRIVERS\hotcore3.sys [x]
S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 Ext2fs;Ext2fs;c:\windows\system32\DRIVERS\ext2fs.sys;c:\windows\SYSNATIVE\DRIVERS\ext2fs.sys [x]
S1 Ext2Fsd;Linux ext2 file system driver; [x]
S1 IfsMount;IfsMount;c:\windows\system32\DRIVERS\ifsmount.sys;c:\windows\SYSNATIVE\DRIVERS\ifsmount.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz134_x64.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
S2 RHDISK_AMD64;RHDISK_AMD64;c:\program files (x86)\Rohos\RHDISK_AMD64.SYS;c:\program files (x86)\Rohos\RHDISK_AMD64.SYS [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x]
S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys;c:\windows\SYSNATIVE\DRIVERS\avmaura.sys [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 USER_ESRV_SVC;User Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe [x]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\vuagent.exe;c:\program files\Sony\VAIO Update\vuagent.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-19 07:13	1089352	----a-w-	c:\program files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-14 18:38]
.
2014-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-05 22:21]
.
2014-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-05 22:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-06-02 12:53	750064	----a-w-	c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-15 16:42	634872	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-16 9636896]
"PrintDisp"="c:\windows\system32\PrintDisp.exe" [2009-08-21 878080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{5DB63988-98C6-4312-8B36-AA4B2FAA958F}: NameServer = 192.168.178.1
TCP: Interfaces\{5DB63988-98C6-4312-8B36-AA4B2FAA958F}\64259445A51224F6870264F6E60275C414E40273237303: NameServer = 192.168.178.1
TCP: Interfaces\{D61CA8A8-A9C5-4B05-8B5C-1FF6CD0702CA}: NameServer = 192.168.178.15
FF - ProfilePath - c:\users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home|hxxp://www.giga.de/
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&src=sp&cf=36635f72-2fdb-11e1-a98e-54424907d5f0&q=
FF - prefs.js: network.proxy.ftp - 192.168.43.1
FF - prefs.js: network.proxy.ftp_port - 34731
FF - prefs.js: network.proxy.http - 192.168.43.1
FF - prefs.js: network.proxy.http_port - 34731
FF - prefs.js: network.proxy.socks - 192.168.43.1
FF - prefs.js: network.proxy.socks_port - 34731
FF - prefs.js: network.proxy.ssl - 192.168.43.1
FF - prefs.js: network.proxy.ssl_port - 34731
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=wbst&chnl=&cd=2XzutAtN2Y1L1QzuyB0E0D0DtDzz0C0CyDyEzztD0F0FzyzytN0D0TzutBtDtCtBtDyDtBzy&cr=132461038
FF - user.js: extensions.funmoods.dfltSrch - false
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=wbst&chnl=&cd=2XzutAtN2Y1L1QzuyB0E0D0DtDzz0C0CyDyEzztD0F0FzyzytN0D0TzutBtDtCtBtDyDtBzy&cr=132461038
FF - user.js: extensions.funmoods.tlbrSrchUrl - 
FF - user.js: extensions.funmoods.id - 58e2ff990000000000007edd08cc5480
FF - user.js: extensions.funmoods.instlDay - 15489
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2223:12
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - wbst
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - 
FF - user.js: extensions.funmoods.dfltLng - 
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Rainbow Sentinel Driver - c:\windows\SYSTEM32\RNBOSENT\SETUPX86.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-10-22  20:52:59
ComboFix-quarantined-files.txt  2014-10-22 18:52
.
Vor Suchlauf: 29 Verzeichnis(se), 29.462.491.136 Bytes frei
Nach Suchlauf: 35 Verzeichnis(se), 31.901.159.424 Bytes frei
.
- - End Of File - - 8F8BB07D90B8EB374AE102792E837BF3
         
--- --- ---


Regards, fireskyer

29.10.2014, 18:37   #11
schrauber
/// the machine
/// TB trainer
 




Adware. But exactly where, with which click or which installation, cannot be said.


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scannen (scan), select the Bedrohungssuchlauf (threat scan) and click Suchlauf starten (start scan).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Auswahl entfernen (remove selected).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click Verlauf (history) and then Anwendungsprotokolle (application logs).
  • Select the most recent scan log and click Export. Choose Textdatei (.txt) (text file) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Optionen (options) and make sure the following items are selected:
    • "Tracing" Schlüssel löschen (delete "Tracing" keys)
    • Winsock Einstellungen zurücksetzen (reset Winsock settings)
    • Proxy Einstellungen zurücksetzen (reset proxy settings)
    • Internet Explorer Richtlinien zurücksetzen (reset Internet Explorer policies)
    • Chrome Richtlinien zurücksetzen (reset Chrome policies)
    • Make sure all 5 options are selected as shown here
  • Click Suchlauf (scan) and wait until it has finished.
  • Now click Löschen (delete) and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

30.10.2014, 23:04   #12
fireskyer
 



Quote:
Adware. But exactly where, with which click or which installation, cannot be said.

Ah OK, that is actually enough of a diagnosis for me, as long as it isn't a really harmful virus...

Malwarebytes:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 30.10.2014
Suchlauf-Zeit: 20:30:17
Logdatei: malwarebytes.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.10.30.12
Rootkit Datenbank: v2014.10.22.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: skyerjoe

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 457179
Verstrichene Zeit: 38 Min, 56 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Tiefer Rootkit-Suchlauf: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 2
PUP.Optional.StartSear.A, C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\searchplugins\startsear.xml, In Quarantäne, [338e33e4b7c551e5d80b9a93da2929d7], 
PUP.Optional.FunMoods.A, C:\Users\skyerjoe\AppData\Local\funmoods-speeddial.crx, In Quarantäne, [e0e12ee93c40a096716df0a1ed1725db], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         

Adwcleaner:

Code:
# AdwCleaner v4.002 - Bericht erstellt am 30/10/2014 um 23:09:41
# DB v2014-10-26.6
# Aktualisiert 27/10/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : skyerjoe - SKYERJOE-VAIO
# Gestartet von : C:\Users\skyerjoe\Downloads\AdwCleaner_4.002.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : Partner Service

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\skyerjoe\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\skyerjoe\AppData\Local\PackageAware
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\28omnlq6.default\Extensions\staged\ffxtlbr@funmoods.com
Ordner Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\2s01k1bz.default\Extensions\staged\ffxtlbr@funmoods.com
Ordner Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\hl84skt3.default\Extensions\staged\ffxtlbr@funmoods.com
Ordner Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\qoc2jims.default\Extensions\staged\ffxtlbr@funmoods.com
Ordner Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\sparpilot@sparpilot.com
Ordner Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\28omnlq6.default\Extensions\sparpilot@sparpilot.com
Ordner Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\2s01k1bz.default\Extensions\sparpilot@sparpilot.com
Ordner Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\hl84skt3.default\Extensions\sparpilot@sparpilot.com
Ordner Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\qoc2jims.default\Extensions\sparpilot@sparpilot.com
Ordner Gelöscht : C:\Users\skyerjoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Ordner Gelöscht : C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj
Ordner Gelöscht : C:\Users\skyerjoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj
Datei Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\user.js
Datei Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\28omnlq6.default\user.js
Datei Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\2s01k1bz.default\user.js
Datei Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\hl84skt3.default\user.js
Datei Gelöscht : C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\qoc2jims.default\user.js

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\vShare.tv
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\DeviceVM
Schlüssel Gelöscht : HKLM\SOFTWARE\Magical Jelly Bean\OpenCandy
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DeviceVM
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v33.0 (x86 de)


-\\ Google Chrome v38.0.2125.111


*************************

AdwCleaner[R0].txt - [9488 octets] - [30/10/2014 23:05:01]
AdwCleaner[S0].txt - [8877 octets] - [30/10/2014 23:09:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8937 octets] ##########
         
JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Premium x64
Ran by skyerjoe on 30.10.2014 at 23:18:43,01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{01027486-F7EC-4174-AABE-67DF604D8901}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{01027486-F7EC-4174-AABE-67DF604D8901}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\skyerjoe\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\skyerjoe\AppData\Roaming\thinstall"



~~~ FireFox

Successfully deleted the following from C:\Users\skyerjoe\AppData\Roaming\mozilla\firefox\profiles\038mguur.default\prefs.js

user_pref("betterfacebook.100001728981609/prefs", "{\"installed_on_5\":1312824336483,\"last_message_check\":1316183404281,\"donate_check_time\":1316278251071,\"last_tip_check\
user_pref("browser.search.defaultengine", "Web Search");
user_pref("browser.search.order.1", "Ask.com");
user_pref("extensions.asktb.cbid", "PV");
user_pref("extensions.asktb.crumb", "2011.08.08+10.24.48-toolbar008iad-DE-TnVyZW1iZXJnLEdlcm1hbnk%3D");
user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}");
user_pref("extensions.asktb.dtid", "YYYYYYYYDE");
user_pref("extensions.asktb.fresh-install", false);
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1312966819950");
user_pref("extensions.asktb.locale", "de_DE");
user_pref("extensions.asktb.o", "15000");
user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.r", "7");
user_pref("extensions.asktb.search-suggestions-enabled", true);
user_pref("extensions.asktb.v", "3.9.1.100006");
user_pref("extensions.funmoods.aflt", "wbst");
user_pref("extensions.funmoods.autoRvrt", false);
user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
user_pref("extensions.funmoods.cntry", "DE");
user_pref("extensions.funmoods.dfltLng", "");
user_pref("extensions.funmoods.dfltSrch", false);
user_pref("extensions.funmoods.dfltlng", "en");
user_pref("extensions.funmoods.dfltsrch", "false");
user_pref("extensions.funmoods.dnsErr", true);
user_pref("extensions.funmoods.envrmnt", "production");
user_pref("extensions.funmoods.excTlbr", false);
user_pref("extensions.funmoods.hdrMd5", "020026FB59543215288E38223A46A7D3");
user_pref("extensions.funmoods.hmpg", true);
user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=wbst&chnl=&cd=2XzutAtN2Y1L1QzuyB0E0D0DtDzz0C0CyDyEzztD0F0FzyzytN0D0TzutBtDtCtBtDyDtBzy&cr=132461038"
user_pref("extensions.funmoods.hrdid", "58e2ff990000000000007edd08cc5480");
user_pref("extensions.funmoods.id", "58e2ff990000000000007edd08cc5480");
user_pref("extensions.funmoods.instlDay", "15489");
user_pref("extensions.funmoods.instlRef", "");
user_pref("extensions.funmoods.instlday", "15489");
user_pref("extensions.funmoods.instlref", "");
user_pref("extensions.funmoods.isdcmntcmplt", true);
user_pref("extensions.funmoods.keywordurl", "");
user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2223:12:46");
user_pref("extensions.funmoods.logicsmngrdailyreporttime", "18-06-2012");
user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
user_pref("extensions.funmoods.newTab", true);
user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=wbst&chnl=&cd=2XzutAtN2Y1L1QzuyB0E0D0DtDzz0C0CyDyEzztD0F0FzyzytN0D0TzutBtDtCtBtDyDtBzy&cr=13246103
user_pref("extensions.funmoods.newtab", true);
user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=wbst&chnl=&cd=2XzutAtN2Y1L1QzuyB0E0D0DtDzz0C0CyDyEzztD0F0FzyzytN0D0TzutBtDtCtBtDyDtBzy&cr=13246103
user_pref("extensions.funmoods.prdct", "funmoods");
user_pref("extensions.funmoods.prtnrId", "funmoods");
user_pref("extensions.funmoods.prtnrid", "funmoods");
user_pref("extensions.funmoods.savedVrsnTs", "1");
user_pref("extensions.funmoods.sg", "none");
user_pref("extensions.funmoods.smplGrp", "none");
user_pref("extensions.funmoods.smplgrp", "none");
user_pref("extensions.funmoods.srch", "");
user_pref("extensions.funmoods.srchPrvdr", "Search");
user_pref("extensions.funmoods.srchprvdr", "Search");
user_pref("extensions.funmoods.tlbrId", "base");
user_pref("extensions.funmoods.tlbrSrchUrl", "");
user_pref("extensions.funmoods.tlbrid", "base");
user_pref("extensions.funmoods.tlbrsrchurl", "");
user_pref("extensions.funmoods.vrsn", "1.5.23.22");
user_pref("extensions.funmoods.vrsnTs", "1.5.23.2223:12:46");
user_pref("extensions.funmoods.vrsni", "1.5.23.22");
user_pref("extensions.funmoods.vrsnts", "1.5.23.2223:12:46");
user_pref("extensions.funmoods_i.newTab", true);
user_pref("extensions.funmoods_i.smplGrp", "none");
user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2223:12:46");
user_pref("keyword.URL", "hxxp://startsear.ch/?aff=1&src=sp&cf=36635f72-2fdb-11e1-a98e-54424907d5f0&q=");
Emptied folder: C:\Users\skyerjoe\AppData\Roaming\mozilla\firefox\profiles\038mguur.default\minidumps [80 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\skyerjoe\appdata\local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.10.2014 at 23:24:43,77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST:

frst.txt:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014 01
Ran by skyerjoe (administrator) on SKYERJOE-VAIO on 30-10-2014 23:53:40
Running from C:\Users\skyerjoe\Downloads
Loaded Profile: skyerjoe (Available profiles: skyerjoe & sky & MSSQL$SQLEXPRESS)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Tesline-Service SRL) C:\Program Files (x86)\Rohos\agent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Sony Corporation) C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9636896 2009-12-16] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [208384 2009-11-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [PrintDisp] => C:\Windows\system32\PrintDisp.exe [878080 2009-08-21] (ActMask Co.,Ltd - hxxp://www.all2pdf.com)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-21] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [320880 2009-08-26] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2009-10-24] (Sony Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1655296 2010-09-05] (Dominik Reichl)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-09-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Ext2 Volume Manager] => C:\Program Files\Ext2Fsd\Ext2Mgr.exe [1211536 2011-02-05] (Ext2Fsd Group (www.ext2fsd.com))
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Tiny DHCP Server] => C:\Program Files (x86)\Tiny DHCP Server\dhcpsrv.exe [94208 2011-08-30] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\Run: [Rohos] => C:\Program Files (x86)\Rohos\agent.exe [801080 2011-05-17] (Tesline-Service SRL)
HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\Run: [AVMUSBFernanschluss] => C:\Users\skyerjoe\AppData\Local\Apps\2.0\BTH1ZOGT.8OZ\L89TLL57.57W\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\AVMAutoStart.exe [139264 2014-04-03] (AVM Berlin)
HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784904 2014-10-14] (Sandboxie Holdings, LLC)
AppInit_DLLs: C:\Windows\System32\acaptuser64.dll => C:\Windows\System32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\windata Zahlungserinnerung.lnk
ShortcutTarget: windata Zahlungserinnerung.lnk -> C:\windata\Home\windataZahlungserinnerung.exe (windata GmbH & Co.KG)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {2ACC42B3-35D9-443C-A196-98B24C83B63A} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC
SearchScopes: HKCU - {35F08D01-53EE-40D5-9B58-2E54616CA883} URL = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
SearchScopes: HKCU - {529538C8-6480-4BF9-9D9D-847EE0E86B93} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {D4458402-FDE2-4BEA-B7CC-D06F9B2A768F} URL = hxxp://de.shopping.com/?linkin_id=8056363
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
DPF: HKLM-x32 {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1111/Navigram.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
Tcpip\..\Interfaces\{5DB63988-98C6-4312-8B36-AA4B2FAA958F}: [NameServer] 192.168.178.1
Tcpip\..\Interfaces\{D61CA8A8-A9C5-4B05-8B5C-1FF6CD0702CA}: [NameServer] 192.168.178.15

FireFox:
========
FF ProfilePath: C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default
FF SelectedSearchEngine: Google
FF Homepage: about:home|hxxp://www.giga.de/
FF NetworkProxy: "backup.ftp", "192.168.43.1"
FF NetworkProxy: "backup.ftp_port", 3431
FF NetworkProxy: "backup.socks", "192.168.43.1"
FF NetworkProxy: "backup.socks_port", 3431
FF NetworkProxy: "backup.ssl", "192.168.43.1"
FF NetworkProxy: "backup.ssl_port", 3431
FF NetworkProxy: "ftp", "192.168.43.1"
FF NetworkProxy: "ftp_port", 34731
FF NetworkProxy: "http", "192.168.43.1"
FF NetworkProxy: "http_port", 34731
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "192.168.43.1"
FF NetworkProxy: "socks_port", 34731
FF NetworkProxy: "ssl", "192.168.43.1"
FF NetworkProxy: "ssl_port", 34731
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\searchplugins\gutscheinsuche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: FreeSpeechMe - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\convergence@dot-bit.org [2014-05-16]
FF Extension: FoxyProxy Standard - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\foxyproxy@eric.h.jung [2014-09-05]
FF Extension: Bitdefender QuickScan - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-07-17]
FF Extension: Social Fixer - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\betterfacebook@mattkruse.com.xpi [2011-08-08]
FF Extension: Facebook Chat History Manager - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\fbchathistory@firechm.com.xpi [2011-08-09]
FF Extension: FireNes - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\firenes@facundo.zaldo.xpi [2012-01-03]
FF Extension: Premiumize.me - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\jid1-sirVJT0BXhkuJg@jetpack.xpi [2014-07-15]
FF Extension: Deutsch (DE) Language Pack - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2011-12-28]
FF Extension: Stealthy - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\stealthyextension@gmail.com.xpi [2011-10-30]
FF Extension: Flagfox - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-12]
FF Extension: Encrypted Communication - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{52a7f893-d228-412e-9b28-bc61491462f6}.xpi [2014-02-05]
FF Extension: BugMeNot Plugin - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2011-07-17]
FF Extension: Adblock Plus - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-07-10]
FF Extension: Torbutton - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi [2011-08-18]
FF Extension: User Agent Switcher - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2014-06-20]
FF Extension: WorldIP - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}.xpi [2011-08-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-10]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome: 
=======
CHR Profile: C:\Users\skyerjoe\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (avast! SafePrice) - C:\Users\skyerjoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-09-14]
CHR Extension: (avast! Online Security) - C:\Users\skyerjoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-14]
CHR Extension: (Google Wallet) - C:\Users\skyerjoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-15] (AVAST Software)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
S2 Printer Control; C:\Windows\system32\PrintCtrl.exe [77824 2009-06-16] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [File not signed]
R2 Rohos Disk; C:\Program Files (x86)\Rohos\agent.exe [801080 2011-05-17] (Tesline-Service SRL)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-31] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-31] (Sonic Solutions)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [74496 2010-09-27] (Sony Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [864000 2010-09-27] (Sony Corporation)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [845312 2010-08-11] (Sony Corporation) [File not signed]
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-15] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-15] ()
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2014-04-03] (AVM Berlin)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 BazisPortableCDBus; C:\Windows\System32\drivers\BazisPortableCDBus.sys [268896 2014-04-03] (SysProgs.org)
R1 Ext2fs; C:\Windows\System32\DRIVERS\ext2fs.sys [270272 2008-09-25] (Stephan Schreiber)
R1 Ext2Fsd; C:\Windows\System32\Drivers\Ext2Fsd.sys [769816 2011-07-09] (www.ext2fsd.com)
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-04-08] ()
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2009-12-03] (Paragon Software Group)
R1 IfsMount; C:\Windows\System32\DRIVERS\ifsmount.sys [80320 2008-08-28] (Stephan Schreiber)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [7778176 2009-12-16] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [244736 2009-12-16] (Intel(R) Corporation) [File not signed]
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-30] (Malwarebytes Corporation)
R2 regi; C:\Windows\SysWOW64\drivers\regi.sys [11032 2007-04-17] (InterVideo)
R2 RHDISK_AMD64; C:\Program Files (x86)\Rohos\RHDISK_AMD64.SYS [31408 2009-07-24] (Tesline-Service SRL)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)
S3 Sntnlusb; C:\Windows\SysWOW64\DRIVERS\SNTNLUSB.SYS [26120 2002-12-16] (Rainbow Technologies Inc.)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-06-10] (Duplex Secure Ltd.)
S3 TVICHW64; C:\Windows\system32\DRIVERS\TVICHW64.SYS [21200 2010-08-30] (EnTech Taiwan)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113952 2014-02-25] (Oracle Corporation)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 Sentinel; \SystemRoot\System32\Drivers\SENTINEL.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-30 23:52 - 2014-10-30 23:52 - 00000000 ____D () C:\Users\skyerjoe\Downloads\FRST-OlderVersion
2014-10-30 23:51 - 2014-10-30 23:51 - 00001067 _____ () C:\Users\skyerjoe\Desktop\JRT.txt
2014-10-30 23:38 - 2014-10-30 23:38 - 00000020 _____ () C:\Users\skyerjoe\defogger_reenable
2014-10-30 23:24 - 2014-10-30 23:24 - 00005807 _____ () C:\Users\skyerjoe\Downloads\JRT.txt
2014-10-30 23:18 - 2014-10-30 23:18 - 00000000 ____D () C:\Windows\ERUNT
2014-10-30 23:13 - 2014-10-30 23:13 - 00009077 _____ () C:\Users\skyerjoe\Downloads\AdwCleaner[S0].txt
2014-10-30 23:08 - 2014-10-30 23:08 - 00009488 _____ () C:\Users\skyerjoe\Downloads\AdwCleaner[R0].txt
2014-10-30 23:01 - 2014-10-30 23:09 - 00000000 ____D () C:\AdwCleaner
2014-10-30 23:01 - 2014-10-30 23:01 - 01706144 _____ (Thisisu) C:\Users\skyerjoe\Downloads\JRT.exe
2014-10-30 21:15 - 2014-10-30 21:15 - 00001529 _____ () C:\Users\skyerjoe\Downloads\malwarebytes.txt
2014-10-30 21:14 - 2014-10-30 21:14 - 00001502 _____ () C:\Users\skyerjoe\Documents\malwarebyte.txt
2014-10-30 20:41 - 2014-10-30 20:41 - 02857530 _____ (Machinecode Technologies) C:\Users\skyerjoe\Downloads\Secure_Banking_2.0.1.exe
2014-10-30 20:31 - 2014-10-30 20:31 - 01998336 _____ () C:\Users\skyerjoe\Downloads\AdwCleaner_4.002.exe
2014-10-30 20:29 - 2014-10-30 23:27 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-30 20:29 - 2014-10-30 20:29 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\skyerjoe\Downloads\mbam-setup-2.0.3.1025(1).exe
2014-10-30 20:29 - 2014-10-30 20:29 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-30 20:29 - 2014-10-30 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-30 20:29 - 2014-10-30 20:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-30 20:29 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-30 20:29 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-30 20:29 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-30 20:25 - 2014-10-30 20:25 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\skyerjoe\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-24 20:20 - 2014-10-24 20:20 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-24 19:45 - 2014-10-24 19:57 - 00000000 ____D () C:\Users\sky\Desktop\Arbeitsstick
2014-10-24 19:41 - 2014-10-24 19:43 - 00000000 ____D () C:\Users\sky\AppData\Roaming\MediaMonkey
2014-10-24 19:41 - 2014-10-24 19:41 - 00000000 ____D () C:\Users\sky\AppData\Local\MediaMonkey
2014-10-24 19:36 - 2014-10-24 20:26 - 00000000 ____D () C:\Users\sky\Downloads\k.stick
2014-10-24 19:35 - 2014-10-24 19:39 - 00000000 ____D () C:\Users\sky\AppData\Roaming\TeraCopy
2014-10-24 19:32 - 2014-10-24 19:45 - 00000000 ____D () C:\Users\sky\AppData\Roaming\vlc
2014-10-24 19:32 - 2014-10-24 19:32 - 00000000 ____D () C:\Users\sky\AppData\Roaming\Corel
2014-10-24 19:30 - 2014-10-24 19:30 - 00000000 ____D () C:\Users\sky\Corel
2014-10-22 21:27 - 2014-10-22 21:26 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-10-22 21:05 - 2014-10-22 21:06 - 92658088 _____ (Oracle Corporation) C:\Users\skyerjoe\Downloads\jre-8u25-windows-x64.exe
2014-10-22 19:52 - 2014-10-22 19:52 - 00033333 _____ () C:\ComboFix.txt
2014-10-22 19:30 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-22 19:30 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-22 19:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-22 19:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-22 19:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-22 19:30 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-22 19:30 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-22 19:30 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-22 19:29 - 2014-10-22 19:53 - 00000000 ____D () C:\Qoobox
2014-10-22 19:29 - 2014-10-22 19:48 - 00000000 ____D () C:\Windows\erdnt
2014-10-22 19:23 - 2014-10-22 19:23 - 05584933 ____R (Swearware) C:\Users\skyerjoe\Downloads\ComboFix.exe
2014-10-22 17:14 - 2014-10-22 17:14 - 00000000 ____D () C:\Users\skyerjoe\Downloads\RevoUninstallerPortable
2014-10-22 17:13 - 2014-10-22 17:13 - 02785665 _____ (PortableApps.com) C:\Users\skyerjoe\Downloads\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2014-10-22 00:27 - 2014-10-22 00:27 - 00454448 _____ () C:\Windows\Minidump\102214-38111-01.dmp
2014-10-21 22:32 - 2014-10-21 22:59 - 00045524 _____ () C:\Users\skyerjoe\Desktop\logs.rar
2014-10-21 20:40 - 2014-10-21 21:30 - 00125204 _____ () C:\Users\skyerjoe\Downloads\Shortcut.txt
2014-10-21 19:58 - 2014-10-21 21:59 - 00508927 _____ () C:\Users\skyerjoe\Desktop\gmer.log
2014-10-21 19:32 - 2014-10-21 19:32 - 00060979 _____ () C:\Users\skyerjoe\Downloads\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board.htm
2014-10-21 19:32 - 2014-10-21 19:32 - 00000000 ____D () C:\Users\skyerjoe\Downloads\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board_files
2014-10-21 19:28 - 2014-10-21 19:28 - 00380416 _____ () C:\Users\skyerjoe\Downloads\Gmer-19357(1).exe
2014-10-21 19:08 - 2014-10-21 22:00 - 00000292 _____ () C:\Users\skyerjoe\Downloads\defogger_enable.log
2014-10-21 19:07 - 2014-10-21 19:07 - 00050477 _____ () C:\Users\skyerjoe\Downloads\Defogger(1).exe
2014-10-21 13:09 - 2014-10-21 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-10-19 16:52 - 2014-10-19 16:52 - 00005118 _____ () C:\Users\skyerjoe\Downloads\eset-kompl.txt
2014-10-18 15:13 - 2014-10-18 15:13 - 00924173 _____ () C:\Users\skyerjoe\Downloads\BrMain480(1).exe
2014-10-18 13:03 - 2014-10-18 13:03 - 00000725 _____ () C:\Users\skyerjoe\Downloads\eset.txt
2014-10-18 12:59 - 2014-10-18 12:59 - 00000000 ____D () C:\Users\skyerjoe\Downloads\nettool
2014-10-18 12:58 - 2014-10-18 12:58 - 00980304 _____ (A.I.SOFT,INC.) C:\Users\skyerjoe\Downloads\nettool_1270.EXE
2014-10-18 11:41 - 2014-10-18 11:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox4
2014-10-16 18:20 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 18:20 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 18:20 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 18:20 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 18:20 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 18:20 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 18:20 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 18:20 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 18:19 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 18:19 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 18:19 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 18:19 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 18:19 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 18:19 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 18:19 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 18:19 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 18:19 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 18:19 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 18:19 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 18:19 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 18:19 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 18:19 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 18:19 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 18:19 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 18:19 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 18:19 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 18:19 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 18:19 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 18:19 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 18:19 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 18:19 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 18:19 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 18:19 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 18:19 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 18:19 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 18:19 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 18:19 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 18:19 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 18:19 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 18:19 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 18:19 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 18:19 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 18:19 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 18:19 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 18:19 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 18:19 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 18:19 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 18:19 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 18:19 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 18:19 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 18:19 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 18:19 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 18:19 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 18:19 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 18:19 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 18:19 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 18:19 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 18:19 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 18:19 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 18:19 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 18:19 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 18:19 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 18:19 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 18:18 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 18:18 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 18:18 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 18:18 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 18:17 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 18:17 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 18:17 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 18:17 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 18:17 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 18:17 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 18:17 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 18:17 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 18:17 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 18:17 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 18:17 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 18:17 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 18:17 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 18:17 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 18:17 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 18:17 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 18:16 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 18:16 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-12 14:47 - 2014-10-12 14:47 - 00000000 ____D () C:\Users\sky\Desktop\Old Firefox Data
2014-10-12 14:20 - 2014-10-12 14:20 - 00000000 ____D () C:\Users\sky\AppData\Local\Apple
2014-10-12 14:19 - 2014-10-12 14:19 - 00000000 ____D () C:\Users\sky\AppData\Local\Macromedia
2014-10-10 17:13 - 2014-10-10 17:13 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\skyerjoe\Downloads\SandboxieInstall.exe
2014-10-10 17:02 - 2014-10-10 17:02 - 01915297 _____ () C:\Users\skyerjoe\Downloads\Secure Banking v2.0.1.rar
2014-10-09 17:59 - 2014-10-09 17:59 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-09 16:57 - 2014-10-09 16:57 - 00000000 ____D () C:\Users\skyerjoe\Downloads\Rootkit_Remover_3022
2014-10-09 16:56 - 2014-10-09 16:57 - 15258612 _____ () C:\Users\skyerjoe\Downloads\Rootkit_Remover_3022.zip
2014-10-08 19:05 - 2014-10-08 19:05 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2010
2014-10-08 19:05 - 2014-10-08 19:05 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2010
2014-10-07 20:57 - 2014-10-21 17:46 - 00000000 ____D () C:\Users\skyerjoe\Downloads\cr_example_db
2014-10-07 20:38 - 2014-10-07 20:38 - 00000000 ____D () C:\Users\skyerjoe\AppData\Local\Microsoft_Corporation
2014-10-07 20:34 - 2014-10-07 22:16 - 00000000 ____D () C:\Users\skyerjoe\Documents\SQL Server Management Studio
2014-10-07 20:34 - 2014-10-07 20:34 - 00000020 ___SH () C:\Users\MSSQL$SQLEXPRESS\ntuser.ini
2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Vorlagen
2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Startmenü
2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Netzwerkumgebung
2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Lokale Einstellungen
2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Eigene Dateien
2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Druckumgebung
2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Documents\Eigene Musik
2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Documents\Eigene Bilder
2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\AppData\Local\Verlauf
2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\AppData\Local\Anwendungsdaten
2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Anwendungsdaten
2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS
2014-10-07 20:34 - 2014-04-02 22:17 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Macromedia
2014-10-07 20:34 - 2013-12-05 19:46 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS\AppData\Local\Apple
2014-10-07 20:34 - 2010-06-11 15:44 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS\AppData\Local\Microsoft Help
2014-10-07 20:34 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-07 20:34 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-07 20:33 - 2012-02-11 09:03 - 00082520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr11.0.2100.60.dll
2014-10-07 20:33 - 2012-02-11 09:02 - 00045656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL11.SQLEXPRESS-sqlagtctr.dll
2014-10-07 20:33 - 2012-02-11 07:46 - 00180312 _____ (Microsoft Corporation) C:\Windows\system32\hadrres.dll
2014-10-07 20:33 - 2012-02-11 07:46 - 00082520 _____ (Microsoft Corporation) C:\Windows\system32\fssres.dll
2014-10-07 20:33 - 2012-02-11 07:44 - 00095832 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr11.0.2100.60.dll
2014-10-07 20:33 - 2012-02-11 07:44 - 00054360 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL11.SQLEXPRESS-sqlagtctr.dll
2014-10-07 20:28 - 2014-10-07 20:28 - 00000000 ____D () C:\Windows\system32\RsFx
2014-10-07 20:26 - 2014-10-07 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2014-10-07 20:25 - 2014-10-07 20:25 - 00000000 ____D () C:\Windows\SysWOW64\1033
2014-10-07 20:25 - 2014-10-07 20:25 - 00000000 ____D () C:\Windows\system32\1033
2014-10-07 20:24 - 2014-10-07 20:24 - 00000000 ____D () C:\Users\skyerjoe\Documents\Visual Studio 2010
2014-10-07 20:21 - 2014-10-07 20:25 - 00000000 ____D () C:\Windows\SysWOW64\1031
2014-10-07 20:20 - 2014-10-07 20:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-10-07 20:18 - 2014-10-07 20:25 - 00000000 ____D () C:\Windows\system32\1031
2014-10-07 20:18 - 2014-10-07 20:18 - 00000000 ____D () C:\Windows\symbols
2014-10-07 20:18 - 2014-10-07 20:18 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 10.0
2014-10-07 20:18 - 2014-10-07 20:18 - 00000000 ____D () C:\Program Files\Microsoft Help Viewer
2014-10-07 20:18 - 2014-10-07 20:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-10-07 20:12 - 2014-10-07 20:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-10-07 20:12 - 2014-10-07 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012
2014-10-07 20:05 - 2014-10-07 20:07 - 18411567 _____ () C:\Users\skyerjoe\Downloads\cr_xi_xtreme_rep_smpl_en.zip
2014-10-07 19:57 - 2014-10-07 20:38 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-10-07 19:40 - 2014-10-07 19:51 - 742686296 _____ (Microsoft Corporation) C:\Users\skyerjoe\Downloads\SQLEXPRWT_x64_DEU.exe
2014-10-02 16:53 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-02 16:53 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-02 16:50 - 2014-10-04 14:18 - 00001101 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-30 23:54 - 2014-04-09 22:30 - 00031726 _____ () C:\Users\skyerjoe\Downloads\FRST.txt
2014-10-30 23:53 - 2014-04-09 22:30 - 00000000 ____D () C:\FRST
2014-10-30 23:52 - 2014-04-09 22:21 - 02113536 _____ (Farbar) C:\Users\skyerjoe\Downloads\FRST64.exe
2014-10-30 23:50 - 2009-07-14 05:45 - 00022752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-30 23:50 - 2009-07-14 05:45 - 00022752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-30 23:46 - 2010-06-02 13:47 - 01744315 _____ () C:\Windows\WindowsUpdate.log
2014-10-30 23:44 - 2014-01-10 11:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-30 23:43 - 2011-06-13 18:04 - 00000000 ____D () C:\Users\skyerjoe\AppData\Local\Deployment
2014-10-30 23:42 - 2014-02-05 23:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-30 23:40 - 2012-03-15 15:14 - 00056045 _____ () C:\Windows\setupact.log
2014-10-30 23:40 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-30 23:38 - 2014-04-09 22:25 - 00000588 _____ () C:\Users\skyerjoe\Downloads\defogger_disable.log
2014-10-30 23:38 - 2010-06-02 14:48 - 00000000 ____D () C:\Users\skyerjoe
2014-10-30 23:37 - 2013-12-21 01:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-30 23:18 - 2014-02-05 23:21 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-30 23:11 - 2012-03-19 01:07 - 00326512 _____ () C:\Windows\PFRO.log
2014-10-30 20:26 - 2010-06-02 14:40 - 00806468 _____ () C:\Windows\system32\perfh007.dat
2014-10-30 20:26 - 2010-06-02 14:40 - 00184872 _____ () C:\Windows\system32\perfc007.dat
2014-10-30 20:26 - 2009-07-14 06:13 - 01889308 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-30 20:23 - 2010-06-02 14:55 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B07B1A65-7663-4533-B9F1-3274CBE7C8AF}
2014-10-29 00:19 - 2014-02-05 23:21 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-24 20:20 - 2011-04-03 18:09 - 00000000 ____D () C:\Users\sky\AppData\Roaming\Apple Computer
2014-10-24 20:18 - 2011-04-03 18:09 - 00000000 ____D () C:\Users\sky\AppData\Local\Apple Computer
2014-10-24 19:33 - 2011-04-03 18:09 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{98ADFF9C-7640-4C3E-A3B7-468DC3BE102F}
2014-10-24 19:30 - 2010-11-23 16:39 - 00000000 ____D () C:\Users\sky
2014-10-22 21:26 - 2013-11-14 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-22 21:25 - 2013-11-14 16:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-22 21:25 - 2011-01-12 23:51 - 00000000 ____D () C:\Program Files\Java
2014-10-22 21:24 - 2010-12-31 16:44 - 00002168 _____ () C:\Windows\Sandboxie.ini
2014-10-22 19:53 - 2011-06-13 18:04 - 00000000 ____D () C:\Users\skyerjoe\AppData\Local\Apps\2.0
2014-10-22 19:53 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-10-22 19:47 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-22 19:39 - 2010-06-10 16:29 - 00000000 _RSHD () C:\ProgramData\Temp
2014-10-22 17:13 - 2014-02-05 23:21 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-22 17:13 - 2014-02-05 23:21 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-22 00:27 - 2011-10-05 22:33 - 00000000 ____D () C:\Program Files (x86)\Rohos
2014-10-22 00:27 - 2011-05-17 00:00 - 00000000 ____D () C:\Windows\Minidump
2014-10-22 00:26 - 2012-04-04 23:08 - 719861678 _____ () C:\Windows\MEMORY.DMP
2014-10-21 23:21 - 2010-07-20 19:17 - 00000000 ____D () C:\Users\skyerjoe\AppData\Roaming\Notepad++
2014-10-21 23:10 - 2010-07-20 19:17 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-10-21 21:30 - 2014-04-09 22:32 - 00068002 _____ () C:\Users\skyerjoe\Downloads\Addition.txt
2014-10-19 22:15 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-18 16:56 - 2010-06-21 16:42 - 00000000 ____D () C:\Users\skyerjoe\USB-Stick
2014-10-18 16:54 - 2011-05-08 13:50 - 00000000 ____D () C:\Program Files\UlisesSoft
2014-10-18 13:06 - 2012-04-27 15:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-18 12:58 - 2014-06-20 00:17 - 00000000 ____D () C:\ProgramData\InstallShield
2014-10-18 12:55 - 2014-06-21 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2014-10-17 17:03 - 2014-01-11 18:18 - 00000000 ____D () C:\Windows\rescache
2014-10-17 14:03 - 2009-07-14 05:45 - 00453736 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 23:55 - 2010-06-02 13:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 23:49 - 2013-11-15 16:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 23:09 - 2010-06-14 23:00 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-12 14:13 - 2014-07-15 17:29 - 00000000 ____D () C:\Users\sky\AppData\Roaming\ControlCenter4
2014-10-12 14:13 - 2011-04-03 18:10 - 00000000 ____D () C:\Users\sky\AppData\Local\Mozilla
2014-10-10 15:22 - 2010-12-31 16:44 - 00001318 _____ () C:\Users\skyerjoe\Desktop\Sandboxed Web Browser.lnk
2014-10-07 20:56 - 2014-06-20 00:09 - 00000000 ____D () C:\Program Files (x86)\Business Objects
2014-10-07 20:31 - 2010-06-02 13:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-10-07 20:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-07 20:02 - 2013-11-19 16:59 - 00000000 ____D () C:\Users\skyerjoe\AppData\Local\JDownloader v2.0
2014-10-04 14:18 - 2010-06-10 14:44 - 00000000 ____D () C:\Update
2014-10-02 16:50 - 2011-04-19 23:34 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2014-10-02 16:50 - 2010-01-29 23:44 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-10-02 16:49 - 2010-06-02 14:41 - 00000000 ____D () C:\Program Files\Sony
2014-10-02 16:49 - 2010-01-29 22:55 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-02 15:53 - 2010-06-30 00:44 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\Users\skyerjoe\fbchathistory.dat


Some content of TEMP:
====================
C:\Users\sky\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\skyerjoe\AppData\Local\Temp\Quarantine.exe
C:\Users\skyerjoe\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-17 16:54

==================== End Of Log ============================
         
Regards, fireskyer

Old 30.10.2014, 23:08   #13
fireskyer
 
After Firefox starts, something keeps trying to download a RAR file.



FRST:

addition.txt:

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2014 01
Ran by skyerjoe at 2014-10-30 23:55:16
Running from C:\Users\skyerjoe\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
7-Zip 4.65 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0465-000001000000}) (Version: 4.65.00.0 - Igor Pavlov)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader 9.5.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
Advanced IP Scanner v1.5 (HKLM-x32\...\Advanced IP Scanner v1.5) (Version:  - )
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agent Ransack 2010 (64-bit) (HKLM\...\Agent Ransack (64-bit)_is1) (Version:  - )
Alax.Info DHCP Server 1.0.6 (HKLM-x32\...\{F778CD06-CB21-4D58-92B7-3A21B6D8F009}) (Version: 1.0.6 - Alax.Info)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Alt.Binz 0.25.0 (HKLM-x32\...\Alt.Binz) (Version: 0.25.0 - Rdl)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.85 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.278 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{5BC83141-83DD-07BE-C940-04B385540F04}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
Binbot version 2.0 (HKLM-x32\...\binbot2.0_is1) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J4510DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CCcamInfoPHP v0.8.6 (DT5) (HKLM-x32\...\{F5E2B845-0C4A-452D-A24D-8E9C1B1858F0}) (Version: 1.0.0 - .)
ccc-core-static (x32 Version: 2010.0920.2143.37117 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform)
Click to Disc MergeModules x64 (Version: 1.0.14230 - Sony Corporation) Hidden
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.538 - Corel Inc.)
CPUID CPU-Z 1.55 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crystal Reports XI Release 2 (HKLM-x32\...\{94FB0978-D094-40C7-91D7-834D39220D4A}) (Version: 11.5.0.31327 - Business Objects)
Defraggler (HKLM\...\Defraggler) (Version: 2.09 - Piriform)
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
EasyBCD 1.7.2 (HKLM-x32\...\EasyBCD) (Version: 1.7.2 - NeoSmart Technologies)
EasyBoot V5.12 (HKLM-x32\...\EasyBoot_is1) (Version:  - )
Einstellungen für VAIO-Inhaltsüberwachung (HKLM-x32\...\{06C05B90-2127-4933-8ABA-61833BDE13FA}) (Version: 2.6.0.11050 - Sony Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.0.545 - Evernote Corp.)
Ext2 IFS 1.11a for Windows Vista/2008 (HKLM\...\Ext2Ifs_for_NT6) (Version:  - )
Ext2Fsd 0.51 (HKLM\...\Ext2Fsd_is1) (Version: 0.51 - Matt Wu)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
FOCA Free (HKLM-x32\...\{54A9B87F-7966-41B7-96C7-01D7EF462813}) (Version: 2.6.1 - Informatica64)
Foldit (HKLM-x32\...\Foldit) (Version:  - )
FRITZ!Box USB-Fernanschluss (HKCU\...\2db37667170956ee) (Version: 2.3.2.0 - AVM Berlin)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
H.M.S Fsim 4.01 (HKLM-x32\...\Fsim 4.01_is1) (Version: 4.01 - H.M.S Software)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HP Photosmart Prem C410 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{C1164ED0-EF08-4B0B-8084-3BDAEAAEFD8D}) (Version: 14.0 - HP)
ICQ7.2 (HKLM-x32\...\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}) (Version: 7.2 - ICQ)
ImageMagick 6.7.6-5 Q16 (2012-05-01) (HKLM-x32\...\ImageMagick 6.7.6 Q16_is1) (Version: 6.7.6 - ImageMagick Studio LLC)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
inSSIDer 2.0 (HKLM\...\{57019733-78E6-43DE-8E6D-55349F0FDE6F}) (Version: 2.0.7 - MetaGeek)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
IsoBuster 3.3 (HKLM-x32\...\IsoBuster_is1) (Version: 3.3 - Smart Projects)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java(TM) 6 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416031FF}) (Version: 6.0.310 - Oracle)
JDiskReport 1.4.0 (HKLM-x32\...\JDiskReport 1.4.0) (Version: 1.4.0 (2012-01-20 11:38:43) - JGoodies Karsten Lentzsch)
JDownloader (HKLM-x32\...\JDownloader) (Version: 0.89 - AppWork UG (haftungsbeschränkt))
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KeePass Password Safe 2.13 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version:  - Dominik Reichl)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.8.1 - Magical Jelly Bean)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Media Gallery (HKLM-x32\...\{DD88F979-FA58-41AC-980C-A6E1A82B61D9}) (Version: 1.1.1.11200 - Sony Corporation)
Media Gallery (x32 Version: 1.1.1.11200 - Sony Corporation) Hidden
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Device Emulator (64 Bit) Version 3.0 - DEU (HKLM\...\{7ECA1AEA-2B61-3DE6-8276-6A9A2693F111}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Diagnostics and Recovery Toolset 6.0 (HKLM\...\{1B285B8A-161F-4ACE-86D7-89EF0775EDCB}) (Version: 6.00.0000 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM-x32\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Report Viewer 2012-Laufzeit (HKLM-x32\...\{F2C6E9F1-8F35-42A0-A9CA-E6C94D92A86C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{5973B12E-5FC1-4EF6-B63B-49C1C4AF2AAA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-Bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A282A232-780C-45E2-A5E5-9B61D74DCC6E}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - DEU (HKLM-x32\...\{987AE03F-234A-3623-BD28-6B31FD1D3AB3}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft VSS Writer für SQL Server 2012 (HKLM\...\{7647B46D-D4E6-43A5-AC9D-0BAA28C63271}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}) (Version: 11.0.2100.60 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.1 - mIRC Co. Ltd.)
mkv2vob (HKLM-x32\...\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}) (Version: 2.4.9 - 3r1c)
MKVtoolnix 4.4.0 (HKLM-x32\...\MKVtoolnix) (Version: 4.4.0 - Moritz Bunkus)
MobileMe Control Panel (HKLM\...\{56F26668-13DA-497A-883F-61434A10CBAB}) (Version: 3.1.5.0 - Apple Inc.)
MozBackup 1.5 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 32.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-GB)) (Version: 32.0.3 - Mozilla)
Mozilla Firefox 33.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-GB)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MusicStation (HKLM-x32\...\{AB259D46-F851-41B0-9AFA-AED8998AD68A}) (Version: 2.0.0.1067 - Omnifone)
Nero 8 Micro 8.3.6.0 (HKLM-x32\...\Nero8Lite_is1) (Version: 8.3.6.0 - Updatepack.nl)
Nero 9 Lite (HKLM-x32\...\{3484e694-66bc-40b5-88d9-dc7ead01b92f}) (Version:  - Nero AG)
NetSHGUI (HKLM-x32\...\{34CF2DC1-9138-4671-9C2F-D318FFC80AC0}) (Version: 1.0.0 - Tim Brigham)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Newsbin Pro (HKLM\...\Newsbin6) (Version: 6.00 - DJI Interprises, LLC)
NewsLeecher v4.0 Final (HKLM-x32\...\NewsLeecher_is1) (Version:  - )
nLite 1.4.9.1 (HKLM-x32\...\nLite_is1) (Version: 1.4.9.1 - Dino Nuhagic (nuhi))
NNTPGrab (64bit) (HKLM\...\NNTPGrab (64bit)) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NSClient++ (x64) (HKLM\...\{D9C026DE-16B9-4286-AFB1-3117B88D9769}) (Version: 0.3.8.76 - MySolutions NORDIC)
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenSSL 1.0.1 Light (32-bit) (HKLM-x32\...\OpenSSL Light (32-bit)_is1) (Version:  - OpenSSL Win32 Installer Team)
OpenVPN Tap Adapter 9.0 (HKLM-x32\...\OpenVPN Tap Adapter) (Version:  - )
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Oracle VM VirtualBox 4.3.10 (HKLM\...\{5632714F-6A48-4BF2-89E0-F8B6CE9FE6D1}) (Version: 4.3.10 - Oracle Corporation)
OverPlay VPN (HKCU\...\4f1f873ae9d5c649) (Version: 1.0.0.50 - OverPlay)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Paragon Partition Manager™ 10.0 Professional (HKLM\...\{A35001F0-F1E4-11DD-A38B-005056C00008}) (Version: 90.00.0003 - Paragon Software)
pCon.planner 6.3 (HKLM-x32\...\pCon.planner 6.3) (Version: 6.3.0.101 - EasternGraphics)
pCon.planner 6.3 (x32 Version: 6.3.0.101 - EasternGraphics) Hidden
PE Builder 3.1.10a (HKLM-x32\...\PE Builder_is1) (Version:  - Bart Lagerweij)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.2 - )
PKR (HKLM-x32\...\PKR) (Version:  - PKR Ltd)
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.0.00.10260 - Sony Corporation)
PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}) (Version: 1.2.00.15250 - Sony Corporation)
PMB VAIO Edition Guide (x32 Version: 1.2.00.15250 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 3.2.00.16060 - Sony Corporation)
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.2.00.16060 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Image Optimizer) (HKLM-x32\...\InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}) (Version: 1.2.00.15250 - Sony Corporation)
PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.2.00.15250 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (HKLM-x32\...\InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 2.2.00.15250 - Sony Corporation)
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.2.00.15250 - Sony Corporation) Hidden
Polipo 1.0.4.1 (HKLM-x32\...\Polipo) (Version:  - )
PS_AIO_07_C410_SW_Min (x32 Version: 140.0.273.000 - Hewlett-Packard) Hidden
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.50.0 - PS3 Media Server)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Remote Play mit PlayStation®3 (HKLM-x32\...\{07441A52-E208-478A-92B7-5C337CA8C131}) (Version: 1.0.2.06212 - Sony Corporation)
Remote Play with PlayStation 3 (x32 Version: 1.0.0.15090 - Sony Corporation) Hidden
Remote-Tastatur mit PlayStation 3 (HKLM-x32\...\{65B138AE-F636-4D4C-BA5D-A06E21E47C53}) (Version: 1.0.2.06170 - Sony Corporation)
Roadkil's Raw Copy Version 1.2 (HKLM-x32\...\{FE95BD73-9BCF-4859-BC47-16617911FE3B}_is1) (Version:  - Roadkil.Net)
Rohos Mini Drive 1.8 (HKLM-x32\...\Rohos_Rohos22_is1) (Version:  - Tesline-Service srl)
Roomeon 3D-Planer (HKLM-x32\...\{51BA4778-915C-4B75-92AC-06060B76FE16}) (Version: 1.0.0 - MyDomicile.com GmbH)
Rosetta Stone Ltd Services (HKLM-x32\...\{7BB2EF8A-5376-4BAE-96D0-38BE49501F40}) (Version: 3.2.17 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\com.rosettastone.rosettastonetotale) (Version: 4.1.15.1 - Rosetta Stone, Ltd)
Rosetta Stone TOTALe (x32 Version: 4.1.1 - Rosetta Stone, Ltd) Hidden
Rosetta Stone TOTALe (x32 Version: 4.1.15.1 - Rosetta Stone, Ltd) Hidden
Roxio Easy Media Creator 10 LJ (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.1500.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Scansoft PDF Professional (x32 Version:  - ) Hidden
SecCommerce SecSigner 3.6 (HKLM\...\SecCommerce SecSigner) (Version: 3.6 - SecCommerce Informationssysteme GmbH)
Secunia PSI (2.0.0.4003) (HKLM-x32\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)
Sentinel System Driver (HKLM-x32\...\Rainbow Sentinel Driver) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SetEditHBP (remove only) (HKLM-x32\...\SetEditHBP) (Version:  - )
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.1.0.11200 - Sony Corporation)
Setup_msm_VCMS_x64 (Version: 2.6.0.06040 - Sony Corporation) Hidden
Setup_msm_VOFS_x64 (Version: 2.3.0.09270 - Sony Corporation) Hidden
Setup_VEP_x64_Contain_SSDB (Version: 3.9.0.09270 - Sony Corporation) Hidden
Simple PAK Maker (HKLM-x32\...\{C4D6A4E8-D564-4634-B16D-D40112FB7A51}) (Version: 2.0.0.0 - )
simple-fax.de Version 1 (HKLM-x32\...\{7343767F-D225-4EB2-87B8-173451445F45}_is1) (Version: 1 - simple-fax.de)
SIW version 2010.04.28 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2010.04.28 - Topala Software Solutions)
Snapshot (remove only) (HKLM-x32\...\Snapshot) (Version:  - )
SOHLib Merge Module (x32 Version: 2.2.0.11240 - Sony Corporation) Hidden
Sony Home Network Library (HKLM-x32\...\{A6B90666-2A1F-49E8-A40E-27EAAD11C096}) (Version: 2.2.0.11240 - Sony Corporation)
Sony Home Network Library (x32 Version: 2.0.1.10160 - Sony Corporation) Hidden
SopCast 3.3.2 (HKLM-x32\...\SopCast) (Version: 3.3.2 - www.sopcast.com)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SpotLite (HKCU\...\SpotLite) (Version: 00.01.00.04 - Quartermaster (Bond))
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server-Browser für SQL Server 2012 (HKLM-x32\...\{1A4C9497-7D4B-466D-8D3A-FE0D925386DC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sweet Home 3D version 3.2 (HKLM-x32\...\Sweet Home 3D_is1) (Version:  - eTeks)
System Requirements Lab for Intel (HKLM-x32\...\{ADD72094-D289-4714-A62E-70574478A2BC}) (Version: 4.3.1.0 - Husdawg, LLC)
TeamViewer 6 (HKLM-x32\...\TeamViewer 6) (Version: 6.0.10418 - TeamViewer GmbH)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Tiny DHCP Server (HKLM-x32\...\Tiny DHCP Server) (Version:  - )
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Tor 0.2.2.30-rc (HKLM-x32\...\Tor) (Version:  - )
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TSDoctor (HKLM-x32\...\{1A8BB532-FE89-4AAF-BA8F-AABA6A51CD5F}) (Version: 1.0.83 - Cypheros)
UBCD4Win 3.60 (HKLM-x32\...\UBCD4Win_is1) (Version:  - UBCD4Win Team - Benjamin Burrows)
UltraISO Premium V9.36 (HKLM-x32\...\UltraISO_is1) (Version:  - )
UltraVNC 1.0.9.1 (HKLM-x32\...\Ultravnc2_is1) (Version: 1.0.9.1 - 1.0.9.1)
Unterstützungsdateien für Microsoft SQL Server 2008-Setup  (HKLM\...\{6AF73222-EE90-434C-AE7E-B96F70A68D89}) (Version: 10.1.2731.0 - Microsoft Corporation)
Usenet.nl (HKLM-x32\...\Usenet.nl_is1) (Version:  - )
UsenetFaker v1.0.0.0 (HKLM-x32\...\UsenetFaker_is1) (Version:  - )
VAIO Care (HKLM\...\{FDCC09EA-A33E-4639-B1CD-FC1702815FA7}) (Version: 8.4.0.14281 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (HKLM\...\{A1255354-11F3-4D25-95CC-C9B1C2320761}) (Version: 3.9.0.11260 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (x32 Version: 3.6.0.09250 - Sony Corporation) Hidden
VAIO Content Metadata Intelligent Network Service Manager (HKLM\...\{725D5BA4-E9FA-452B-8CF5-D7E5F8055C71}) (Version: 3.9.0.11180 - Sony Corporation)
VAIO Content Metadata Manager Settings (HKLM\...\{8FE3CF66-4484-4D39-B47D-DEBBA173619D}) (Version: 3.9.0.11180 - Sony Corporation)
VAIO Content Metadata XML Interface Library (HKLM\...\{97C58294-36D8-4594-8A49-7AB4AE096504}) (Version: 3.9.0.11180 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.2.0.09150 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.2.0.09150 - Sony Corporation) Hidden
VAIO DVD Menu Data (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 2.1.00.15050 - Sony Corporation)
VAIO Energie Verwaltung (HKLM-x32\...\{803E4FA5-A940-4420-B89D-A8BC2E160247}) (Version: 5.0.0.11300 - Sony Corporation)
VAIO Entertainment Platform (HKLM-x32\...\{0489D044-6386-4BDF-9F98-577D60CF79DD}) (Version: 3.9.0.11160 - Sony Corporation)
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.1.0.12010 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.2.1.09131 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 1.0.0.10290 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 3.9.1 - Sony Corporation) Hidden
VAIO Marketing Tools (HKLM-x32\...\MarketingTools) (Version:  - Sony Corporation)
VAIO Media plus (HKLM-x32\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 2.0.1.10160 - Sony Corporation)
VAIO Media plus Opening Movie (HKLM-x32\...\{9238E8A4-BEBA-43A3-B926-769BDBF194C5}) (Version: 1.2.0.09100 - Sony Corporation)
VAIO Movie Story MergeModules x64 (Version: 1.0.14240 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM-x32\...\InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 2.2.00.15250 - Sony Corporation)
VAIO Movie Story Template Data (x32 Version: 2.0.00.09240 - Sony Corporation) Hidden
VAIO Original Funktion Einstellungen (HKLM-x32\...\{04EAE65A-CDCF-480F-B754-5C3A9364239C}) (Version: 2.3.0.11240 - Sony Corporation)
VAIO Personalization Manager (HKLM\...\{DBB823F3-E8BD-4578-9D16-42AF176FD777}) (Version: 3.0.0.11160 - Sony Corporation)
VAIO Premium Partners (HKLM-x32\...\VAIO Premium Partners) (Version: 1.0 - Sony Europe)
VAIO Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.3.1.7 - Sony Corporation)
VAIO Quick Web Access (x32 Version: 1.3.1.7 - Sony Corporation) Hidden
VAIO screensaver (HKLM-x32\...\VAIO screensaver) (Version: 1.0.0.0 - Sony Europe)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.3.1.08110 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VAIO Wallpaper Contents (HKLM-x32\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 2.0.0.06010 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.1.2.06030 - Sony Corporation)
Vidalia 0.2.12 (HKLM-x32\...\Vidalia) (Version:  - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Vistumbler (HKLM-x32\...\Vistumbler) (Version: v10 - Vistumbler.net)
Visual Studio 2010 Prerequisites - English (HKLM\...\{53952792-BF16-300E-ADF2-E7E4367E00CF}) (Version: 10.0.40219 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
windata basic (HKLM-x32\...\{B20643D6-70C3-447E-8C19-5AADD3904C81}) (Version: 08.00.0000 - windata GmbH & Co.KG)
windata@home (HKLM-x32\...\{A0703E79-9B57-4BE1-BEF1-E43402CBBFF0}) (Version: 08.08.0000 - windata GmbH & Co.KG)
Windows Driver Package - Broadcom Bluetooth  (09/09/2009 6.2.0.9405) (HKLM\...\930E4792BDAEAFB62A9514EE7578775658A5D07C) (Version: 09/09/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
WinSCP 5.1.8 (HKLM-x32\...\winscp3_is1) (Version: 5.1.8 - Martin Prikryl)
XMedia Recode 3.0.6.7 (HKLM-x32\...\XMedia Recode) (Version: 3.0.6.7 - Sebastian Dörfler)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

18-10-2014 11:55:59 Konfiguriert Brother Software Suite
21-10-2014 11:33:39 Windows Update
22-10-2014 18:05:18 Revo Uninstaller's restore point - DAEMON Tools Toolbar
22-10-2014 18:12:02 Revo Uninstaller's restore point - Funmoods Web Search
22-10-2014 18:18:54 Revo Uninstaller's restore point - Update for Zip Opener
22-10-2014 18:20:30 Revo Uninstaller's restore point - vShare.tv plugin 1.3
22-10-2014 20:05:54 Removed Java 7 Update 55 (64-bit)
24-10-2014 18:36:55 Windows Update
28-10-2014 22:55:51 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-10-22 19:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {11AB48CB-E787-4F59-8219-53BDCA876862} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {17C8CFD2-4029-460E-A6CD-53CBB25A00C2} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {1A711198-0BA9-4ED0-8B61-B44DDFEDEACF} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation)
Task: {3404E6B7-BCCB-469A-8E3D-B0563632A16C} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {364C52BB-493C-45BE-BA18-19F3CB63CAE9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3EED7FD4-747E-437D-A868-4AC6DEA53B83} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {44B093F9-D6AA-4661-B9BA-EA1333300C86} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMJMIMIMMMJMKJLJPMCNLMLJOJJMCNLMGMHMPMCNGMLMPMOMCNKJLJMJOMLJIMOMLJJMHMPMPMJNJICMIMCNNMCNGMFMHMCNPMCNIMJMPMPMFMJMCNOMCNIMJMPMPMCNNMJNPICMLMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMMIEJGIKJNIFJAJKJJNKJCMJNNICMJNDJCMLJKJ"
Task: {52D6BE54-933A-4B27-9EC8-22D5ACFCB7E6} - System32\Tasks\Open URL by Roboform => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMJMIMIMMMJMKJLJPMCNLMLJOJJMCNLMGMHMPMCNGMLMPMOMCNKJLJMJOMLJIMOMLJJMHMPMPMJNJICMIMCNMMCNNMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMPMCNNMJNPICMPMFMFMGMIMJNHICMMJBJKJLIMJJNBJCMMIEJGIKJNIFJAJKJJNKJCMJNNICMJNDJCMLJKJ"
Task: {578AFFD4-EB45-476C-A5D8-87C1C02D0D98} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {58E45C7E-0640-404E-B5E2-7B4D045EC33F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-15] (AVAST Software)
Task: {6615E562-AC45-490E-97AD-5D892EA5E872} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {793AAAA3-44D3-48B9-8570-AF9CE4C2CD0B} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {7CCABE14-77D5-4FCB-8E04-3482A19803BE} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {7F3738BD-8BB9-4891-9EB5-F56D640B36ED} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {88ED3377-4CB1-469A-84DA-258A833262FB} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {8E6413D9-8DB2-4031-916E-3B7D3D2BD242} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-10-25] (Sony Corporation)
Task: {8FC70F01-B45F-421F-A148-71BDCA8F2C12} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {94BF4AB2-F919-4F2E-9995-AF0E5FA034D2} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {98091604-3DE7-4B23-A0A6-E774DC0263BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-05] (Google Inc.)
Task: {A90FEA3A-DB4F-4817-90F6-D1B6C6D39ED9} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {B151739C-0FAA-4B1A-A63C-D717084230B4} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {BC311B7E-F30F-4701-BEAD-19EE5A22FD63} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation)
Task: {C46351A3-4D02-4BFB-9459-D0EAF1D48E05} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-05] (Google Inc.)
Task: {C4A85847-DFD3-42F1-A3C6-C0FA276B3F54} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {C81DAFF3-CED8-4252-8AEF-A3A96E685773} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-02-27] (Sony Corporation)
Task: {DB33CD9B-24D2-42A1-A3B9-6BA9F66C33A0} - System32\Tasks\SONY\Remote Keyboard with PlayStation 3\Remote Keyboard with PlayStation 3 => C:\Program Files\Sony\Remote Keyboard with PlayStation 3\VBTKBUtil.exe [2010-06-17] (Sony Corporation)
Task: {DF3160C5-1645-408B-B0EE-FE4E4E292839} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {E39F1155-3D4E-4E65-B869-2B0B8C80C413} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {ECA53539-0A26-413A-8DF7-9A784D9D4FFC} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {F107CD63-AFBD-4D25-83B2-96D289235F68} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-10-25] (Sony Corporation)
Task: {FA2A8DEF-658C-4962-BB82-280ABB3E4E88} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {FC2B3564-8D8B-452B-B987-499D15E69A55} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-06 16:34 - 2013-02-09 13:17 - 00113152 _____ () C:\Windows\System32\redmon64.dll
2014-06-21 14:26 - 2005-04-22 05:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2010-08-24 14:39 - 2010-08-24 14:39 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-01-26 20:04 - 2011-01-26 20:04 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-06-08 22:51 - 2010-03-15 10:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2014-01-28 21:45 - 2012-01-20 14:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-07-15 17:42 - 2014-07-15 17:42 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-30 20:20 - 2014-10-30 20:20 - 02897920 _____ () C:\Program Files\AVAST Software\Avast\defs\14103001\algo.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-02 14:10 - 2009-12-01 21:03 - 00010752 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2010-06-02 14:10 - 2009-12-01 21:03 - 00009728 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2010-01-29 22:55 - 2009-11-21 00:19 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-07-15 17:42 - 2014-07-15 17:42 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-21 14:10 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\skyerjoe\Downloads\email_87_20140717181446.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ACDaemon => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: Partner Service => 3
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\startupfolder: C:^Users^skyerjoe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.3301725356812716.exe.lnk => C:\Windows\pss\0.3301725356812716.exe.lnk.Startup
MSCONFIG\startupfolder: C:^Users^skyerjoe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Hardcopy.LNK => C:\Windows\pss\Hardcopy.LNK.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MarketingTools => C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: Tiny DHCP Server => "C:\Program Files (x86)\Tiny DHCP Server\dhcpsrv.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1609788897-153937731-1751884820-500 - Administrator - Disabled)
Gast (S-1-5-21-1609788897-153937731-1751884820-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1609788897-153937731-1751884820-1002 - Limited - Enabled)
sky (S-1-5-21-1609788897-153937731-1751884820-1003 - Limited - Enabled) => C:\Users\sky
skyerjoe (S-1-5-21-1609788897-153937731-1751884820-1000 - Administrator - Enabled) => C:\Users\skyerjoe

==================== Faulty Device Manager Devices =============

Name: Photosmart Prem C410 series
Description: Photosmart Prem C410 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter V9
Description: TAP-Win32 Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: USB 2.0 Camera
Description: USB-Videogerät
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller
Description: Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonw7
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart Prem C410 series
Description: Photosmart Prem C410 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-10-22 20:45:09.080
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-10-22 20:45:08.768
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-03-11 21:57:10.758
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-03-11 21:57:10.748
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-03-11 21:57:10.738
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-03-11 21:57:10.718
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-03-11 21:57:10.698
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\gpapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-03-11 21:57:10.668
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\gpapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-02-07 18:25:04.335
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-02-07 18:25:04.313
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 43%
Total physical RAM: 3950.07 MB
Available physical RAM: 2227.5 MB
Total Pagefile: 7898.31 MB
Available Pagefile: 5838.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:396.01 GB) (Free:13.33 GB) NTFS
Drive e: () (Fixed) (Total:19.53 GB) (Free:3.78 GB) NTFS
Drive h: (Volume) (Fixed) (Total:39.5 GB) (Free:2.02 GB) NTFS
Drive i: (crystal_reports) (CDROM) (Total:0.82 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0A0C67E8)
Partition 1: (Not Active) - (Size=10.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=396 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=59 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
--- --- ---



Regards, fireskyer

31.10.2014, 13:06   #14
schrauber
/// the machine
/// TB Trainer
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

05.11.2014, 18:34   #15
fireskyer
 



Yep, I just started the browser again and it came up again:



Eset Online Scanner:

Code:
C:\UBCD4Win\UBCD4WinBuilder.iso	Variante von Win32/Toolbar.Conduit.I evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\UBCD4Win\UBCD4Windows2.iso	Variante von Win32/Toolbar.Conduit.I evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\sky\Downloads\k.stick\temp\Jana\Anwendungsdaten\Mozilla\Firefox\Profiles\qiskhrh2.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\dealply.xul	Win32/DealPly.J evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\sky\Downloads\k.stick\temp\Jana\Eigene Dateien\FreeYouTubeToMP3Converter31014.exe	Win32/Toolbar.Conduit evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\sky\Downloads\k.stick\temp\Jana\Eigene Dateien\Downloads\3GPConverterSetup.exe	Variante von Win32/InstallCore.D evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\sky\Downloads\k.stick\temp\Jana\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\background.html	Win32/DealPly.J evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\skyerjoe\Downloads\Driver.Genius.Professional.10.0.0.526.rar	Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\skyerjoe\Downloads\FritzRePass1.20-U3(1).zip	Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\skyerjoe\Downloads\FritzRePass1.20-U3-tmp.zip	Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\skyerjoe\Downloads\FritzRePass1.20-U3.zip	Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\skyerjoe\Downloads\ruKernelTool(1).zip	Win32/Packed.Autoit.H evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\skyerjoe\Downloads\ruKernelTool.zip	Win32/Packed.Autoit.H evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\skyerjoe\Downloads\Fritz Recover\FritzRePass1.20+U3.zip	Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\skyerjoe\oktay\sr-codbo\kkhfgys.rar	Variante von Win32/Packed.VMProtect.AAD Trojaner	gelöscht - in Quarantäne kopiert
E:\Dokumente und Einstellungen\skyerjoe\Eigene Dateien\Downloads\Fritz Recover\FritzRePass1.20+U3.zip	Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
H:\Temp\hirens\ERD2.iso	Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
H:\Temp\hirens\HBCD 11.0.iso	Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
         
checkup.txt:

Code:
Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64   
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (2.0.0.4003)   
 Java 7 Update 51  
 Java version out of Date! 
 Adobe Flash Player 15.0.0.152  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (33.0.2) 
 Mozilla Thunderbird (24.6.0) 
 Google Chrome 38.0.2125.104  
 Google Chrome 38.0.2125.111  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST:

frst.txt:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by skyerjoe (administrator) on SKYERJOE-VAIO on 05-11-2014 19:05:01
Running from C:\Users\skyerjoe\Downloads
Loaded Profiles: skyerjoe & MSSQL$SQLEXPRESS (Available profiles: skyerjoe & sky & MSSQL$SQLEXPRESS)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Tesline-Service SRL) C:\Program Files (x86)\Rohos\agent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Sony Corporation) C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Ext2Fsd Group (www.ext2fsd.com)) C:\Program Files\Ext2Fsd\Ext2Mgr.exe
() C:\Program Files (x86)\Tiny DHCP Server\dhcpsrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9636896 2009-12-16] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [208384 2009-11-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [PrintDisp] => C:\Windows\system32\PrintDisp.exe [878080 2009-08-21] (ActMask Co.,Ltd - hxxp://www.all2pdf.com)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-21] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [320880 2009-08-26] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2009-10-24] (Sony Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1655296 2010-09-05] (Dominik Reichl)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-09-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Ext2 Volume Manager] => C:\Program Files\Ext2Fsd\Ext2Mgr.exe [1211536 2011-02-05] (Ext2Fsd Group (www.ext2fsd.com))
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Tiny DHCP Server] => C:\Program Files (x86)\Tiny DHCP Server\dhcpsrv.exe [94208 2011-08-30] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\Run: [Rohos] => C:\Program Files (x86)\Rohos\agent.exe [801080 2011-05-17] (Tesline-Service SRL)
HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\Run: [AVMUSBFernanschluss] => C:\Users\skyerjoe\AppData\Local\Apps\2.0\BTH1ZOGT.8OZ\L89TLL57.57W\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\AVMAutoStart.exe [139264 2014-04-03] (AVM Berlin)
HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784904 2014-10-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\Run: [SecureBanking] => C:\Program Files (x86)\Machinecode Technologies\Secure Banking\SecureBanking.exe
HKU\S-1-5-21-1609788897-153937731-1751884820-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe [854192 2014-09-12] (Adobe Systems Incorporated)
AppInit_DLLs: C:\Windows\System32\acaptuser64.dll => C:\Windows\System32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\windata Zahlungserinnerung.lnk
ShortcutTarget: windata Zahlungserinnerung.lnk -> C:\windata\Home\windataZahlungserinnerung.exe (windata GmbH & Co.KG)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1609788897-153937731-1751884820-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {2ACC42B3-35D9-443C-A196-98B24C83B63A} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC
SearchScopes: HKCU - {35F08D01-53EE-40D5-9B58-2E54616CA883} URL = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
SearchScopes: HKCU - {529538C8-6480-4BF9-9D9D-847EE0E86B93} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {D4458402-FDE2-4BEA-B7CC-D06F9B2A768F} URL = hxxp://de.shopping.com/?linkin_id=8056363
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
DPF: HKLM-x32 {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1111/Navigram.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
Tcpip\..\Interfaces\{5DB63988-98C6-4312-8B36-AA4B2FAA958F}: [NameServer] 192.168.178.1
Tcpip\..\Interfaces\{D61CA8A8-A9C5-4B05-8B5C-1FF6CD0702CA}: [NameServer] 192.168.178.15

FireFox:
========
FF ProfilePath: C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default
FF SelectedSearchEngine: Google
FF Homepage: about:home|hxxp://www.giga.de/
FF NetworkProxy: "backup.ftp", "192.168.43.1"
FF NetworkProxy: "backup.ftp_port", 3431
FF NetworkProxy: "backup.socks", "192.168.43.1"
FF NetworkProxy: "backup.socks_port", 3431
FF NetworkProxy: "backup.ssl", "192.168.43.1"
FF NetworkProxy: "backup.ssl_port", 3431
FF NetworkProxy: "ftp", "192.168.43.1"
FF NetworkProxy: "ftp_port", 34731
FF NetworkProxy: "http", "192.168.43.1"
FF NetworkProxy: "http_port", 34731
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "192.168.43.1"
FF NetworkProxy: "socks_port", 34731
FF NetworkProxy: "ssl", "192.168.43.1"
FF NetworkProxy: "ssl_port", 34731
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\searchplugins\gutscheinsuche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: FreeSpeechMe - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\convergence@dot-bit.org [2014-05-16]
FF Extension: FoxyProxy Standard - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\foxyproxy@eric.h.jung [2014-09-05]
FF Extension: HTTPS-Everywhere - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\https-everywhere@eff.org [2014-11-02]
FF Extension: ReminderFox - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2014-11-02]
FF Extension: Bitdefender QuickScan - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-07-17]
FF Extension: Disconnect - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\2.0@disconnect.me.xpi [2014-11-02]
FF Extension: about:addons-memory - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\about-addons-memory@tn123.org.xpi [2014-11-02]
FF Extension: Social Fixer - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\betterfacebook@mattkruse.com.xpi [2011-08-08]
FF Extension: Facebook Chat History Manager - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\fbchathistory@firechm.com.xpi [2011-08-09]
FF Extension: Ghostery - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\firefox@ghostery.com.xpi [2014-11-02]
FF Extension: FireNes - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\firenes@facundo.zaldo.xpi [2012-01-03]
FF Extension: Heartbleed Monitor - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\jid1-eMhaOaq3SPBFDg@jetpack.xpi [2014-11-02]
FF Extension: Lightbeam - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-11-02]
FF Extension: Premiumize.me - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\jid1-sirVJT0BXhkuJg@jetpack.xpi [2014-07-15]
FF Extension: Deutsch (DE) Language Pack - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2011-12-28]
FF Extension: Media Hint - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\mediahint@jetpack.xpi [2014-11-02]
FF Extension: 1Password - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\onepassword4@agilebits.com.xpi [2014-11-02]
FF Extension: Stealthy - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\stealthyextension@gmail.com.xpi [2011-10-30]
FF Extension: Flagfox - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-12]
FF Extension: Encrypted Communication - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{52a7f893-d228-412e-9b28-bc61491462f6}.xpi [2014-02-05]
FF Extension: PasswordMaker - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{5872365e-67d1-4afd-9480-fd293bebd20d}.xpi [2014-11-02]
FF Extension: NoScript - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-02]
FF Extension: FoxySpider - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{75df891f-e299-4725-b14f-7d52f086dea2}.xpi [2014-11-02]
FF Extension: BugMeNot Plugin - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2011-07-17]
FF Extension: Adblock Plus - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-07-10]
FF Extension: BetterPrivacy - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-11-02]
FF Extension: Torbutton - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi [2011-08-18]
FF Extension: QuickJava - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-11-02]
FF Extension: User Agent Switcher - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2014-06-20]
FF Extension: WorldIP - C:\Users\skyerjoe\AppData\Roaming\Mozilla\Firefox\Profiles\038mguur.default\Extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}.xpi [2011-08-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-10]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome: 
=======
CHR Profile: C:\Users\skyerjoe\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\skyerjoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-02]
CHR Extension: (Google Wallet) - C:\Users\skyerjoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-15] (AVAST Software)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
S2 Printer Control; C:\Windows\system32\PrintCtrl.exe [77824 2009-06-16] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [File not signed]
R2 Rohos Disk; C:\Program Files (x86)\Rohos\agent.exe [801080 2011-05-17] (Tesline-Service SRL)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-31] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-31] (Sonic Solutions)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [74496 2010-09-27] (Sony Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [864000 2010-09-27] (Sony Corporation)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [845312 2010-08-11] (Sony Corporation) [File not signed]
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-15] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-15] ()
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2014-04-03] (AVM Berlin)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 BazisPortableCDBus; C:\Windows\System32\drivers\BazisPortableCDBus.sys [268896 2014-04-03] (SysProgs.org)
R1 Ext2fs; C:\Windows\System32\DRIVERS\ext2fs.sys [270272 2008-09-25] (Stephan Schreiber)
R1 Ext2Fsd; C:\Windows\System32\Drivers\Ext2Fsd.sys [769816 2011-07-09] (www.ext2fsd.com)
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-04-08] ()
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2009-12-03] (Paragon Software Group)
R1 IfsMount; C:\Windows\System32\DRIVERS\ifsmount.sys [80320 2008-08-28] (Stephan Schreiber)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [7778176 2009-12-16] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [244736 2009-12-16] (Intel(R) Corporation) [File not signed]
R2 regi; C:\Windows\SysWOW64\drivers\regi.sys [11032 2007-04-17] (InterVideo)
R2 RHDISK_AMD64; C:\Program Files (x86)\Rohos\RHDISK_AMD64.SYS [31408 2009-07-24] (Tesline-Service SRL)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)
S3 Sntnlusb; C:\Windows\SysWOW64\DRIVERS\SNTNLUSB.SYS [26120 2002-12-16] (Rainbow Technologies Inc.)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-06-10] (Duplex Secure Ltd.)
S3 TVICHW64; C:\Windows\system32\DRIVERS\TVICHW64.SYS [21200 2010-08-30] (EnTech Taiwan)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113952 2014-02-25] (Oracle Corporation)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 Sentinel; \SystemRoot\System32\Drivers\SENTINEL.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 19:03 - 2014-11-05 19:03 - 00000986 _____ () C:\Users\skyerjoe\Downloads\checkup.txt
2014-11-05 18:20 - 2014-11-05 18:20 - 00854448 _____ () C:\Users\skyerjoe\Downloads\SecurityCheck.exe
2014-11-02 23:23 - 2014-11-02 23:23 - 06670199 _____ () C:\Users\skyerjoe\Downloads\masterpassword-gui.jar
2014-11-02 23:02 - 2014-11-05 18:11 - 00000000 ____D () C:\Users\skyerjoe\Documents\1Password
2014-11-02 23:00 - 2014-11-02 23:01 - 09963616 _____ (AgileBits ) C:\Users\skyerjoe\Downloads\1Password-4.1.0.526.exe
2014-11-02 21:05 - 2014-11-02 21:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-02 20:10 - 2014-11-02 20:10 - 14107296 _____ (Microsoft Corporation) C:\Users\skyerjoe\Downloads\mseinstall.exe
2014-11-02 18:33 - 2014-11-02 18:35 - 02347384 _____ (ESET) C:\Users\skyerjoe\Downloads\esetsmartinstaller_deu.exe
2014-10-31 00:29 - 2014-10-31 00:29 - 00000000 ____D () C:\Users\skyerjoe\AppData\Local\Machinecode_Technologies
2014-10-31 00:26 - 2014-10-31 00:27 - 41209944 _____ (ALF AG ) C:\Users\skyerjoe\Downloads\setupBanCo.exe
2014-10-30 23:52 - 2014-11-05 19:04 - 00000000 ____D () C:\Users\skyerjoe\Downloads\FRST-OlderVersion
2014-10-30 23:51 - 2014-10-30 23:51 - 00001067 _____ () C:\Users\skyerjoe\Desktop\JRT.txt
2014-10-30 23:38 - 2014-10-30 23:38 - 00000020 _____ () C:\Users\skyerjoe\defogger_reenable
2014-10-30 23:24 - 2014-10-30 23:24 - 00005807 _____ () C:\Users\skyerjoe\Downloads\JRT.txt
2014-10-30 23:18 - 2014-10-30 23:18 - 00000000 ____D () C:\Windows\ERUNT
2014-10-30 23:13 - 2014-10-30 23:13 - 00009077 _____ () C:\Users\skyerjoe\Downloads\AdwCleaner[S0].txt
2014-10-30 23:08 - 2014-10-30 23:08 - 00009488 _____ () C:\Users\skyerjoe\Downloads\AdwCleaner[R0].txt
2014-10-30 23:01 - 2014-10-30 23:09 - 00000000 ____D () C:\AdwCleaner
2014-10-30 23:01 - 2014-10-30 23:01 - 01706144 _____ (Thisisu) C:\Users\skyerjoe\Downloads\JRT.exe
2014-10-30 21:15 - 2014-10-30 21:15 - 00001529 _____ () C:\Users\skyerjoe\Downloads\malwarebytes.txt
2014-10-30 21:14 - 2014-10-30 21:14 - 00001502 _____ () C:\Users\skyerjoe\Documents\malwarebyte.txt
2014-10-30 20:41 - 2014-10-30 20:41 - 02857530 _____ (Machinecode Technologies) C:\Users\skyerjoe\Downloads\Secure_Banking_2.0.1.exe
2014-10-30 20:31 - 2014-10-30 20:31 - 01998336 _____ () C:\Users\skyerjoe\Downloads\AdwCleaner_4.002.exe
2014-10-30 20:29 - 2014-10-31 00:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-30 20:29 - 2014-10-30 20:29 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\skyerjoe\Downloads\mbam-setup-2.0.3.1025(1).exe
2014-10-30 20:29 - 2014-10-30 20:29 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-30 20:29 - 2014-10-30 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-30 20:29 - 2014-10-30 20:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-30 20:29 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-30 20:29 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-30 20:29 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-30 20:25 - 2014-10-30 20:25 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\skyerjoe\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-24 20:20 - 2014-10-24 20:20 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-24 19:45 - 2014-10-24 19:57 - 00000000 ____D () C:\Users\sky\Desktop\Arbeitsstick
2014-10-24 19:41 - 2014-10-24 19:43 - 00000000 ____D () C:\Users\sky\AppData\Roaming\MediaMonkey
2014-10-24 19:41 - 2014-10-24 19:41 - 00000000 ____D () C:\Users\sky\AppData\Local\MediaMonkey
2014-10-24 19:36 - 2014-10-24 20:26 - 00000000 ____D () C:\Users\sky\Downloads\k.stick
2014-10-24 19:35 - 2014-10-24 19:39 - 00000000 ____D () C:\Users\sky\AppData\Roaming\TeraCopy
2014-10-24 19:32 - 2014-10-24 19:45 - 00000000 ____D () C:\Users\sky\AppData\Roaming\vlc
2014-10-24 19:32 - 2014-10-24 19:32 - 00000000 ____D () C:\Users\sky\AppData\Roaming\Corel
2014-10-24 19:30 - 2014-10-24 19:30 - 00000000 ____D () C:\Users\sky\Corel
2014-10-22 21:27 - 2014-10-22 21:26 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-10-22 21:05 - 2014-10-22 21:06 - 92658088 _____ (Oracle Corporation) C:\Users\skyerjoe\Downloads\jre-8u25-windows-x64.exe
2014-10-22 19:52 - 2014-10-22 19:52 - 00033333 _____ () C:\ComboFix.txt
2014-10-22 19:30 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-22 19:30 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-22 19:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-22 19:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-22 19:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-22 19:30 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-22 19:30 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-22 19:30 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-22 19:29 - 2014-10-22 19:53 - 00000000 ____D () C:\Qoobox
2014-10-22 19:29 - 2014-10-22 19:48 - 00000000 ____D () C:\Windows\erdnt
2014-10-22 19:23 - 2014-10-22 19:23 - 05584933 ____R (Swearware) C:\Users\skyerjoe\Downloads\ComboFix.exe
2014-10-22 17:14 - 2014-10-22 17:14 - 00000000 ____D () C:\Users\skyerjoe\Downloads\RevoUninstallerPortable
2014-10-22 17:13 - 2014-10-22 17:13 - 02785665 _____ (PortableApps.com) C:\Users\skyerjoe\Downloads\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2014-10-22 00:27 - 2014-10-22 00:27 - 00454448 _____ () C:\Windows\Minidump\102214-38111-01.dmp
2014-10-21 22:32 - 2014-10-21 22:59 - 00045524 _____ () C:\Users\skyerjoe\Desktop\logs.rar
2014-10-21 20:40 - 2014-10-30 23:58 - 00126518 _____ () C:\Users\skyerjoe\Downloads\Shortcut.txt
2014-10-21 19:58 - 2014-10-21 21:59 - 00508927 _____ () C:\Users\skyerjoe\Desktop\gmer.log
2014-10-21 19:32 - 2014-10-21 19:32 - 00060979 _____ () C:\Users\skyerjoe\Downloads\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board.htm
2014-10-21 19:32 - 2014-10-21 19:32 - 00000000 ____D () C:\Users\skyerjoe\Downloads\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board_files
2014-10-21 19:28 - 2014-10-21 19:28 - 00380416 _____ () C:\Users\skyerjoe\Downloads\Gmer-19357(1).exe
2014-10-21 19:08 - 2014-10-21 22:00 - 00000292 _____ () C:\Users\skyerjoe\Downloads\defogger_enable.log
2014-10-21 19:07 - 2014-10-21 19:07 - 00050477 _____ () C:\Users\skyerjoe\Downloads\Defogger(1).exe
2014-10-21 13:09 - 2014-10-21 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-10-19 16:52 - 2014-10-19 16:52 - 00005118 _____ () C:\Users\skyerjoe\Downloads\eset-kompl.txt
2014-10-18 15:13 - 2014-10-18 15:13 - 00924173 _____ () C:\Users\skyerjoe\Downloads\BrMain480(1).exe
2014-10-18 13:03 - 2014-11-03 01:43 - 00002722 _____ () C:\Users\skyerjoe\Downloads\eset.txt
2014-10-18 12:59 - 2014-10-18 12:59 - 00000000 ____D () C:\Users\skyerjoe\Downloads\nettool
2014-10-18 12:58 - 2014-10-18 12:58 - 00980304 _____ (A.I.SOFT,INC.) C:\Users\skyerjoe\Downloads\nettool_1270.EXE
2014-10-18 11:41 - 2014-10-18 11:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox4
2014-10-16 18:20 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 18:20 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 18:20 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 18:20 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 18:20 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 18:20 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 18:20 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 18:20 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 18:19 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 18:19 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 18:19 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 18:19 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 18:19 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 18:19 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 18:19 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 18:19 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 18:19 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 18:19 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 18:19 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 18:19 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 18:19 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 18:19 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 18:19 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 18:19 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 18:19 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 18:19 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 18:19 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 18:19 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 18:19 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 18:19 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 18:19 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 18:19 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 18:19 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 18:19 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 18:19 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 18:19 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 18:19 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 18:19 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 18:19 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 18:19 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 18:19 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 18:19 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 18:19 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 18:19 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 18:19 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 18:19 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 18:19 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 18:19 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 18:19 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 18:19 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 18:19 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 18:19 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 18:19 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 18:19 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 18:19 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 18:19 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 18:19 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 18:19 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 18:19 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 18:19 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 18:19 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 18:19 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 18:19 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 18:18 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 18:18 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 18:18 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 18:18 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 18:17 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 18:17 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 18:17 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 18:17 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 18:17 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 18:17 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 18:17 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 18:17 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 18:17 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 18:17 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 18:17 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 18:17 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 18:17 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 18:17 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 18:17 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 18:17 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 18:16 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 18:16 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-12 14:47 - 2014-10-12 14:47 - 00000000 ____D () C:\Users\sky\Desktop\Old Firefox Data
2014-10-12 14:20 - 2014-10-12 14:20 - 00000000 ____D () C:\Users\sky\AppData\Local\Apple
2014-10-12 14:19 - 2014-10-12 14:19 - 00000000 ____D () C:\Users\sky\AppData\Local\Macromedia
2014-10-10 17:13 - 2014-10-10 17:13 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\skyerjoe\Downloads\SandboxieInstall.exe
2014-10-10 17:02 - 2014-10-10 17:02 - 01915297 _____ () C:\Users\skyerjoe\Downloads\Secure Banking v2.0.1.rar
2014-10-09 17:59 - 2014-10-09 17:59 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-09 16:57 - 2014-10-09 16:57 - 00000000 ____D () C:\Users\skyerjoe\Downloads\Rootkit_Remover_3022
2014-10-09 16:56 - 2014-10-09 16:57 - 15258612 _____ () C:\Users\skyerjoe\Downloads\Rootkit_Remover_3022.zip
2014-10-08 19:05 - 2014-10-08 19:05 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2010
2014-10-08 19:05 - 2014-10-08 19:05 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2010
2014-10-07 20:57 - 2014-10-21 17:46 - 00000000 ____D () C:\Users\skyerjoe\Downloads\cr_example_db
2014-10-07 20:38 - 2014-10-07 20:38 - 00000000 ____D () C:\Users\skyerjoe\AppData\Local\Microsoft_Corporation
2014-10-07 20:34 - 2014-11-02 18:26 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS
2014-10-07 20:34 - 2014-10-07 22:16 - 00000000 ____D () C:\Users\skyerjoe\Documents\SQL Server Management Studio
2014-10-07 20:34 - 2014-10-07 20:34 - 00000020 ___SH () C:\Users\MSSQL$SQLEXPRESS\ntuser.ini
2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Vorlagen
2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Startmenü
2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Netzwerkumgebung
2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Lokale Einstellungen
2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Eigene Dateien
2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Druckumgebung
2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Documents\Eigene Musik
2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Documents\Eigene Bilder
2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\AppData\Local\Verlauf
2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\AppData\Local\Anwendungsdaten
2014-10-07 20:34 - 2014-10-07 20:34 - 00000000 _SHDL () C:\Users\MSSQL$SQLEXPRESS\Anwendungsdaten
2014-10-07 20:34 - 2014-04-02 22:17 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Macromedia
2014-10-07 20:34 - 2013-12-05 19:46 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS\AppData\Local\Apple
2014-10-07 20:34 - 2010-06-11 15:44 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS\AppData\Local\Microsoft Help
2014-10-07 20:34 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-07 20:34 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-07 20:33 - 2012-02-11 09:03 - 00082520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr11.0.2100.60.dll
2014-10-07 20:33 - 2012-02-11 09:02 - 00045656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL11.SQLEXPRESS-sqlagtctr.dll
2014-10-07 20:33 - 2012-02-11 07:46 - 00180312 _____ (Microsoft Corporation) C:\Windows\system32\hadrres.dll
2014-10-07 20:33 - 2012-02-11 07:46 - 00082520 _____ (Microsoft Corporation) C:\Windows\system32\fssres.dll
2014-10-07 20:33 - 2012-02-11 07:44 - 00095832 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr11.0.2100.60.dll
2014-10-07 20:33 - 2012-02-11 07:44 - 00054360 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL11.SQLEXPRESS-sqlagtctr.dll
2014-10-07 20:28 - 2014-10-07 20:28 - 00000000 ____D () C:\Windows\system32\RsFx
2014-10-07 20:26 - 2014-10-07 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2014-10-07 20:25 - 2014-10-07 20:25 - 00000000 ____D () C:\Windows\SysWOW64\1033
2014-10-07 20:25 - 2014-10-07 20:25 - 00000000 ____D () C:\Windows\system32\1033
2014-10-07 20:24 - 2014-10-07 20:24 - 00000000 ____D () C:\Users\skyerjoe\Documents\Visual Studio 2010
2014-10-07 20:21 - 2014-10-07 20:25 - 00000000 ____D () C:\Windows\SysWOW64\1031
2014-10-07 20:20 - 2014-10-07 20:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-10-07 20:18 - 2014-10-07 20:25 - 00000000 ____D () C:\Windows\system32\1031
2014-10-07 20:18 - 2014-10-07 20:18 - 00000000 ____D () C:\Windows\symbols
2014-10-07 20:18 - 2014-10-07 20:18 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 10.0
2014-10-07 20:18 - 2014-10-07 20:18 - 00000000 ____D () C:\Program Files\Microsoft Help Viewer
2014-10-07 20:18 - 2014-10-07 20:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-10-07 20:12 - 2014-10-07 20:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-10-07 20:12 - 2014-10-07 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012
2014-10-07 20:05 - 2014-10-07 20:07 - 18411567 _____ () C:\Users\skyerjoe\Downloads\cr_xi_xtreme_rep_smpl_en.zip
2014-10-07 19:57 - 2014-10-07 20:38 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-10-07 19:40 - 2014-10-07 19:51 - 742686296 _____ (Microsoft Corporation) C:\Users\skyerjoe\Downloads\SQLEXPRWT_x64_DEU.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 19:06 - 2014-04-09 22:30 - 00034880 _____ () C:\Users\skyerjoe\Downloads\FRST.txt
2014-11-05 19:05 - 2014-04-09 22:30 - 00000000 ____D () C:\FRST
2014-11-05 19:04 - 2014-04-09 22:25 - 00000530 _____ () C:\Users\skyerjoe\Downloads\defogger_disable.log
2014-11-05 19:04 - 2014-04-09 22:21 - 02114560 _____ (Farbar) C:\Users\skyerjoe\Downloads\FRST64.exe
2014-11-05 18:37 - 2013-12-21 01:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-05 18:20 - 2010-06-02 13:47 - 01836205 _____ () C:\Windows\WindowsUpdate.log
2014-11-05 18:18 - 2014-02-05 23:21 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-05 18:18 - 2014-02-05 23:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-05 18:18 - 2009-07-14 05:45 - 00022752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-05 18:18 - 2009-07-14 05:45 - 00022752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-05 18:14 - 2010-06-02 14:55 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B07B1A65-7663-4533-B9F1-3274CBE7C8AF}
2014-11-05 18:09 - 2014-01-10 11:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-05 18:08 - 2011-06-13 18:04 - 00000000 ____D () C:\Users\skyerjoe\AppData\Local\Deployment
2014-11-05 18:05 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-05 18:04 - 2012-04-27 15:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-05 18:04 - 2012-03-15 15:14 - 00056213 _____ () C:\Windows\setupact.log
2014-11-03 01:35 - 2010-07-13 09:16 - 00000000 ____D () C:\Users\skyerjoe\Downloads\Fritz Recover
2014-11-03 01:23 - 2010-09-03 19:55 - 00000000 ____D () C:\UBCD4Win
2014-11-02 01:48 - 2010-12-31 16:44 - 00002168 _____ () C:\Windows\Sandboxie.ini
2014-10-31 00:28 - 2011-08-10 10:18 - 00000000 ____D () C:\Users\skyerjoe\AppData\Local\Downloaded Installations
2014-10-30 23:58 - 2014-04-09 22:32 - 00051325 _____ () C:\Users\skyerjoe\Downloads\Addition.txt
2014-10-30 23:38 - 2010-06-02 14:48 - 00000000 ____D () C:\Users\skyerjoe
2014-10-30 23:11 - 2012-03-19 01:07 - 00326512 _____ () C:\Windows\PFRO.log
2014-10-30 20:26 - 2010-06-02 14:40 - 00806468 _____ () C:\Windows\system32\perfh007.dat
2014-10-30 20:26 - 2010-06-02 14:40 - 00184872 _____ () C:\Windows\system32\perfc007.dat
2014-10-30 20:26 - 2009-07-14 06:13 - 01889308 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-29 00:19 - 2014-02-05 23:21 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-28 06:34 - 2010-06-30 00:44 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-24 20:20 - 2011-04-03 18:09 - 00000000 ____D () C:\Users\sky\AppData\Roaming\Apple Computer
2014-10-24 20:18 - 2011-04-03 18:09 - 00000000 ____D () C:\Users\sky\AppData\Local\Apple Computer
2014-10-24 19:33 - 2011-04-03 18:09 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{98ADFF9C-7640-4C3E-A3B7-468DC3BE102F}
2014-10-24 19:30 - 2010-11-23 16:39 - 00000000 ____D () C:\Users\sky
2014-10-22 21:26 - 2013-11-14 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-22 21:25 - 2013-11-14 16:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-22 21:25 - 2011-01-12 23:51 - 00000000 ____D () C:\Program Files\Java
2014-10-22 19:53 - 2011-06-13 18:04 - 00000000 ____D () C:\Users\skyerjoe\AppData\Local\Apps\2.0
2014-10-22 19:53 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-10-22 19:47 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-22 19:39 - 2010-06-10 16:29 - 00000000 _RSHD () C:\ProgramData\Temp
2014-10-22 17:13 - 2014-02-05 23:21 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-22 17:13 - 2014-02-05 23:21 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-22 00:27 - 2011-10-05 22:33 - 00000000 ____D () C:\Program Files (x86)\Rohos
2014-10-22 00:27 - 2011-05-17 00:00 - 00000000 ____D () C:\Windows\Minidump
2014-10-22 00:26 - 2012-04-04 23:08 - 719861678 _____ () C:\Windows\MEMORY.DMP
2014-10-21 23:21 - 2010-07-20 19:17 - 00000000 ____D () C:\Users\skyerjoe\AppData\Roaming\Notepad++
2014-10-21 23:10 - 2010-07-20 19:17 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-10-19 22:15 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-18 16:56 - 2010-06-21 16:42 - 00000000 ____D () C:\Users\skyerjoe\USB-Stick
2014-10-18 16:54 - 2011-05-08 13:50 - 00000000 ____D () C:\Program Files\UlisesSoft
2014-10-18 12:58 - 2014-06-20 00:17 - 00000000 ____D () C:\ProgramData\InstallShield
2014-10-18 12:55 - 2014-06-21 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2014-10-17 17:03 - 2014-01-11 18:18 - 00000000 ____D () C:\Windows\rescache
2014-10-17 14:03 - 2009-07-14 05:45 - 00453736 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 23:55 - 2010-06-02 13:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 23:49 - 2013-11-15 16:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 23:09 - 2010-06-14 23:00 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-12 14:13 - 2014-07-15 17:29 - 00000000 ____D () C:\Users\sky\AppData\Roaming\ControlCenter4
2014-10-12 14:13 - 2011-04-03 18:10 - 00000000 ____D () C:\Users\sky\AppData\Local\Mozilla
2014-10-10 15:22 - 2010-12-31 16:44 - 00001318 _____ () C:\Users\skyerjoe\Desktop\Sandboxed Web Browser.lnk
2014-10-07 20:56 - 2014-06-20 00:09 - 00000000 ____D () C:\Program Files (x86)\Business Objects
2014-10-07 20:31 - 2010-06-02 13:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-10-07 20:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-07 20:02 - 2013-11-19 16:59 - 00000000 ____D () C:\Users\skyerjoe\AppData\Local\JDownloader v2.0

Files to move or delete:
====================
C:\Users\skyerjoe\fbchathistory.dat


Some content of TEMP:
====================
C:\Users\sky\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\skyerjoe\AppData\Local\Temp\Quarantine.exe
C:\Users\skyerjoe\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 18:59

==================== End Of Log ============================
         
--- --- ---



Regards, fireskyer
