Pests of all kinds and how to fight them: Malwarebytes finds a whole lot of PUPBlabbers
17.10.2012, 16:10 | #16
/// Winkelfunktion /// TB-Süch-Tiger™

Then please run CF now: ComboFix - A guide and tutorial on using ComboFix

ComboFix may only be run when a Kompetenzler (qualified helper) has expressly recommended it! If, after running ComboFix, you have problems starting applications and get messages such as Quote:

__________________ Please always post logfiles in CODE tags
18.10.2012, 15:33 | #17

I did that... it restored some old things that I had deleted long ago.... *dumb look* - it also changed my desktop background. Is that supposed to happen? Here is the file: ComboFix logfile:
18.10.2012, 16:11 | #18
/// Winkelfunktion /// TB-Süch-Tiger™

Please now create logs with GMER and OSAM and post them.

GMER crashes fairly often; if the tool still won't run on the 2nd attempt, just leave it out and run only OSAM - please skip the online query by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file on your desktop.

Important: Do not press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message appears such as "aswMBR.exe funktioniert nicht mehr" (aswMBR.exe has stopped working), then do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
25.10.2012, 13:26 | #19

OK, I've managed GMER at least: GMER logfile:
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2148] ADVAPI32.dll!ChangeServiceConfig2W 76F671E1 5 Bytes JMP 00170E10 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2148] ADVAPI32.dll!CreateServiceA 76F672A1 5 Bytes JMP 001701F8 .text C:\Windows\System32\igfxpers.exe[2280] ntdll.dll!LdrLoadDll 77649378 5 Bytes JMP 001501F8 .text C:\Windows\System32\igfxpers.exe[2280] ntdll.dll!LdrUnloadDll 7765B680 5 Bytes JMP 001503FC .text C:\Windows\System32\igfxpers.exe[2280] kernel32.dll!GetBinaryTypeW + 70 771C2467 1 Byte [62] .text C:\Windows\System32\igfxpers.exe[2280] USER32.dll!SetWindowsHookExA 75CE6322 5 Bytes JMP 00180600 .text C:\Windows\System32\igfxpers.exe[2280] USER32.dll!SetWindowsHookExW 75CE87AD 5 Bytes JMP 00180804 .text C:\Windows\System32\igfxpers.exe[2280] USER32.dll!UnhookWindowsHookEx 75CE98DB 5 Bytes JMP 00180A08 .text C:\Windows\System32\igfxpers.exe[2280] USER32.dll!SetWinEventHook 75CE9F3A 5 Bytes JMP 001801F8 .text C:\Windows\System32\igfxpers.exe[2280] USER32.dll!UnhookWinEvent 75CEC06F 5 Bytes JMP 001803FC .text C:\Windows\System32\igfxpers.exe[2280] ADVAPI32.dll!CreateServiceW 76F29EB4 5 Bytes JMP 001903FC .text C:\Windows\System32\igfxpers.exe[2280] ADVAPI32.dll!DeleteService 76F2A07E 5 Bytes JMP 00190600 .text C:\Windows\System32\igfxpers.exe[2280] ADVAPI32.dll!SetServiceObjectSecurity 76F66CD9 5 Bytes JMP 00191014 .text C:\Windows\System32\igfxpers.exe[2280] ADVAPI32.dll!ChangeServiceConfigA 76F66DD9 5 Bytes JMP 00190804 .text C:\Windows\System32\igfxpers.exe[2280] ADVAPI32.dll!ChangeServiceConfigW 76F66F81 5 Bytes JMP 00190A08 .text C:\Windows\System32\igfxpers.exe[2280] ADVAPI32.dll!ChangeServiceConfig2A 76F67099 5 Bytes JMP 00190C0C .text C:\Windows\System32\igfxpers.exe[2280] ADVAPI32.dll!ChangeServiceConfig2W 76F671E1 5 Bytes JMP 00190E10 .text C:\Windows\System32\igfxpers.exe[2280] ADVAPI32.dll!CreateServiceA 76F672A1 5 Bytes JMP 001901F8 .text C:\Windows\system32\svchost.exe[2404] 
ntdll.dll!LdrLoadDll 77649378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2404] ntdll.dll!LdrUnloadDll 7765B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2404] kernel32.dll!GetBinaryTypeW + 70 771C2467 1 Byte [62] .text C:\Windows\system32\svchost.exe[2404] ADVAPI32.dll!CreateServiceW 76F29EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2404] ADVAPI32.dll!DeleteService 76F2A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2404] ADVAPI32.dll!SetServiceObjectSecurity 76F66CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2404] ADVAPI32.dll!ChangeServiceConfigA 76F66DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2404] ADVAPI32.dll!ChangeServiceConfigW 76F66F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2404] ADVAPI32.dll!ChangeServiceConfig2A 76F67099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2404] ADVAPI32.dll!ChangeServiceConfig2W 76F671E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2404] ADVAPI32.dll!CreateServiceA 76F672A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[2404] USER32.dll!SetWindowsHookExA 75CE6322 5 Bytes JMP 000C0600 .text C:\Windows\system32\svchost.exe[2404] USER32.dll!SetWindowsHookExW 75CE87AD 5 Bytes JMP 000C0804 .text C:\Windows\system32\svchost.exe[2404] USER32.dll!UnhookWindowsHookEx 75CE98DB 5 Bytes JMP 000C0A08 .text C:\Windows\system32\svchost.exe[2404] USER32.dll!SetWinEventHook 75CE9F3A 5 Bytes JMP 000C01F8 .text C:\Windows\system32\svchost.exe[2404] USER32.dll!UnhookWinEvent 75CEC06F 5 Bytes JMP 000C03FC .text C:\Windows\system32\Dwm.exe[2444] ntdll.dll!LdrLoadDll 77649378 5 Bytes JMP 000501F8 .text C:\Windows\system32\Dwm.exe[2444] ntdll.dll!LdrUnloadDll 7765B680 5 Bytes JMP 000503FC .text C:\Windows\system32\Dwm.exe[2444] kernel32.dll!GetBinaryTypeW + 70 771C2467 1 Byte [62] .text C:\Windows\system32\Dwm.exe[2444] ADVAPI32.dll!CreateServiceW 76F29EB4 5 Bytes JMP 000703FC .text 
C:\Windows\system32\Dwm.exe[2444] ADVAPI32.dll!DeleteService 76F2A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\Dwm.exe[2444] ADVAPI32.dll!SetServiceObjectSecurity 76F66CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\Dwm.exe[2444] ADVAPI32.dll!ChangeServiceConfigA 76F66DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\Dwm.exe[2444] ADVAPI32.dll!ChangeServiceConfigW 76F66F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\Dwm.exe[2444] ADVAPI32.dll!ChangeServiceConfig2A 76F67099 5 Bytes JMP 00070C0C .text C:\Windows\system32\Dwm.exe[2444] ADVAPI32.dll!ChangeServiceConfig2W 76F671E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\Dwm.exe[2444] ADVAPI32.dll!CreateServiceA 76F672A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\Dwm.exe[2444] USER32.dll!SetWindowsHookExA 75CE6322 5 Bytes JMP 00080600 .text C:\Windows\system32\Dwm.exe[2444] USER32.dll!SetWindowsHookExW 75CE87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\Dwm.exe[2444] USER32.dll!UnhookWindowsHookEx 75CE98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\Dwm.exe[2444] USER32.dll!SetWinEventHook 75CE9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\Dwm.exe[2444] USER32.dll!UnhookWinEvent 75CEC06F 5 Bytes JMP 000803FC .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] ntdll.dll!LdrLoadDll 77649378 5 Bytes JMP 001501F8 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] ntdll.dll!LdrUnloadDll 7765B680 5 Bytes JMP 001503FC .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] kernel32.dll!GetBinaryTypeW + 70 771C2467 1 Byte [62] .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] USER32.dll!SetWindowsHookExA 75CE6322 5 Bytes JMP 00170600 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] USER32.dll!SetWindowsHookExW 75CE87AD 5 Bytes JMP 00170804 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] USER32.dll!UnhookWindowsHookEx 75CE98DB 5 Bytes JMP 00170A08 .text C:\Program 
Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] USER32.dll!SetWinEventHook 75CE9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] USER32.dll!UnhookWinEvent 75CEC06F 5 Bytes JMP 001703FC .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] ADVAPI32.dll!CreateServiceW 76F29EB4 5 Bytes JMP 001803FC .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] ADVAPI32.dll!DeleteService 76F2A07E 5 Bytes JMP 00180600 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] ADVAPI32.dll!SetServiceObjectSecurity 76F66CD9 5 Bytes JMP 00181014 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] ADVAPI32.dll!ChangeServiceConfigA 76F66DD9 5 Bytes JMP 00180804 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] ADVAPI32.dll!ChangeServiceConfigW 76F66F81 5 Bytes JMP 00180A08 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] ADVAPI32.dll!ChangeServiceConfig2A 76F67099 5 Bytes JMP 00180C0C .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] ADVAPI32.dll!ChangeServiceConfig2W 76F671E1 5 Bytes JMP 00180E10 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] ADVAPI32.dll!CreateServiceA 76F672A1 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] ntdll.dll!LdrLoadDll 77649378 5 Bytes JMP 001501F8 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] ntdll.dll!LdrUnloadDll 7765B680 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] kernel32.dll!GetBinaryTypeW + 70 771C2467 1 Byte [62] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] ADVAPI32.dll!CreateServiceW 76F29EB4 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] ADVAPI32.dll!DeleteService 76F2A07E 5 Bytes JMP 00170600 .text C:\Program Files\Common 
Files\Intel\WirelessCommon\RegSrvc.exe[2460] ADVAPI32.dll!SetServiceObjectSecurity 76F66CD9 5 Bytes JMP 00171014 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] ADVAPI32.dll!ChangeServiceConfigA 76F66DD9 5 Bytes JMP 00170804 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] ADVAPI32.dll!ChangeServiceConfigW 76F66F81 5 Bytes JMP 00170A08 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] ADVAPI32.dll!ChangeServiceConfig2A 76F67099 5 Bytes JMP 00170C0C .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] ADVAPI32.dll!ChangeServiceConfig2W 76F671E1 5 Bytes JMP 00170E10 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] ADVAPI32.dll!CreateServiceA 76F672A1 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] USER32.dll!SetWindowsHookExA 75CE6322 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] USER32.dll!SetWindowsHookExW 75CE87AD 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] USER32.dll!UnhookWindowsHookEx 75CE98DB 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] USER32.dll!SetWinEventHook 75CE9F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] USER32.dll!UnhookWinEvent 75CEC06F 5 Bytes JMP 001803FC .text C:\Windows\system32\svchost.exe[2596] ntdll.dll!LdrLoadDll 77649378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2596] ntdll.dll!LdrUnloadDll 7765B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2596] kernel32.dll!GetBinaryTypeW + 70 771C2467 1 Byte [62] .text C:\Windows\system32\svchost.exe[2596] ADVAPI32.dll!CreateServiceW 76F29EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2596] ADVAPI32.dll!DeleteService 76F2A07E 5 Bytes JMP 00070600 .text 
C:\Windows\system32\svchost.exe[2596] ADVAPI32.dll!SetServiceObjectSecurity 76F66CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2596] ADVAPI32.dll!ChangeServiceConfigA 76F66DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2596] ADVAPI32.dll!ChangeServiceConfigW 76F66F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2596] ADVAPI32.dll!ChangeServiceConfig2A 76F67099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2596] ADVAPI32.dll!ChangeServiceConfig2W 76F671E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2596] ADVAPI32.dll!CreateServiceA 76F672A1 5 Bytes JMP 000701F8 .text C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] ntdll.dll!LdrLoadDll 77649378 5 Bytes JMP 001501F8 .text C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] ntdll.dll!LdrUnloadDll 7765B680 5 Bytes JMP 001503FC .text C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] kernel32.dll!GetBinaryTypeW + 70 771C2467 1 Byte [62] .text C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] ADVAPI32.dll!CreateServiceW 76F29EB4 5 Bytes JMP 001703FC .text C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] ADVAPI32.dll!DeleteService 76F2A07E 5 Bytes JMP 00170600 .text C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] ADVAPI32.dll!SetServiceObjectSecurity 76F66CD9 5 Bytes JMP 00171014 .text C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] ADVAPI32.dll!ChangeServiceConfigA 76F66DD9 5 Bytes JMP 00170804 .text C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] ADVAPI32.dll!ChangeServiceConfigW 76F66F81 5 Bytes JMP 00170A08 .text C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] ADVAPI32.dll!ChangeServiceConfig2A 76F67099 5 Bytes JMP 00170C0C .text C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] ADVAPI32.dll!ChangeServiceConfig2W 76F671E1 5 Bytes JMP 00170E10 .text C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] ADVAPI32.dll!CreateServiceA 76F672A1 5 Bytes JMP 001701F8 .text C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] USER32.dll!SetWindowsHookExA 75CE6322 5 Bytes JMP 00180600 .text 
C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] USER32.dll!SetWindowsHookExW 75CE87AD 5 Bytes JMP 00180804 .text C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] USER32.dll!UnhookWindowsHookEx 75CE98DB 5 Bytes JMP 00180A08 .text C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] USER32.dll!SetWinEventHook 75CE9F3A 5 Bytes JMP 001801F8 .text C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] USER32.dll!UnhookWinEvent 75CEC06F 5 Bytes JMP 001803FC .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] ntdll.dll!LdrLoadDll 77649378 5 Bytes JMP 001401F8 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] ntdll.dll!LdrUnloadDll 7765B680 5 Bytes JMP 001403FC .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] kernel32.dll!GetBinaryTypeW + 70 771C2467 1 Byte [62] .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] USER32.dll!SetWindowsHookExA 75CE6322 5 Bytes JMP 00190600 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] USER32.dll!SetWindowsHookExW 75CE87AD 5 Bytes JMP 00190804 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] USER32.dll!UnhookWindowsHookEx 75CE98DB 5 Bytes JMP 00190A08 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] USER32.dll!SetWinEventHook 75CE9F3A 5 Bytes JMP 001901F8 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] USER32.dll!UnhookWinEvent 75CEC06F 5 Bytes JMP 001903FC .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] ADVAPI32.dll!CreateServiceW 76F29EB4 5 Bytes JMP 001A03FC .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] ADVAPI32.dll!DeleteService 76F2A07E 5 Bytes JMP 001A0600 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] ADVAPI32.dll!SetServiceObjectSecurity 76F66CD9 5 Bytes JMP 001A1014 .text C:\Program 
Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] ADVAPI32.dll!ChangeServiceConfigA 76F66DD9 5 Bytes JMP 001A0804 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] ADVAPI32.dll!ChangeServiceConfigW 76F66F81 5 Bytes JMP 001A0A08 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] ADVAPI32.dll!ChangeServiceConfig2A 76F67099 5 Bytes JMP 001A0C0C .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] ADVAPI32.dll!ChangeServiceConfig2W 76F671E1 5 Bytes JMP 001A0E10 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] ADVAPI32.dll!CreateServiceA 76F672A1 5 Bytes JMP 001A01F8 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] ntdll.dll!LdrLoadDll 77649378 5 Bytes JMP 001501F8 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] ntdll.dll!LdrUnloadDll 7765B680 5 Bytes JMP 001503FC .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] kernel32.dll!GetBinaryTypeW + 70 771C2467 1 Byte [62] .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] USER32.dll!SetWindowsHookExA 75CE6322 5 Bytes JMP 00170600 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] USER32.dll!SetWindowsHookExW 75CE87AD 5 Bytes JMP 00170804 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] USER32.dll!UnhookWindowsHookEx 75CE98DB 5 Bytes JMP 00170A08 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] USER32.dll!SetWinEventHook 75CE9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] USER32.dll!UnhookWinEvent 75CEC06F 5 Bytes JMP 001703FC .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] ADVAPI32.dll!CreateServiceW 76F29EB4 5 Bytes JMP 001803FC .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] 
ADVAPI32.dll!DeleteService 76F2A07E 5 Bytes JMP 00180600 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] ADVAPI32.dll!SetServiceObjectSecurity 76F66CD9 5 Bytes JMP 00181014 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] ADVAPI32.dll!ChangeServiceConfigA 76F66DD9 5 Bytes JMP 00180804 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] ADVAPI32.dll!ChangeServiceConfigW 76F66F81 5 Bytes JMP 00180A08 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] ADVAPI32.dll!ChangeServiceConfig2A 76F67099 5 Bytes JMP 00180C0C .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] ADVAPI32.dll!ChangeServiceConfig2W 76F671E1 5 Bytes JMP 00180E10 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] ADVAPI32.dll!CreateServiceA 76F672A1 5 Bytes JMP 001801F8 .text C:\Windows\system32\svchost.exe[2692] ntdll.dll!LdrLoadDll 77649378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2692] ntdll.dll!LdrUnloadDll 7765B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2692] kernel32.dll!GetBinaryTypeW + 70 771C2467 1 Byte [62] .text C:\Windows\system32\svchost.exe[2692] ADVAPI32.dll!CreateServiceW 76F29EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2692] ADVAPI32.dll!DeleteService 76F2A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2692] ADVAPI32.dll!SetServiceObjectSecurity 76F66CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2692] ADVAPI32.dll!ChangeServiceConfigA 76F66DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2692] ADVAPI32.dll!ChangeServiceConfigW 76F66F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2692] ADVAPI32.dll!ChangeServiceConfig2A 76F67099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2692] ADVAPI32.dll!ChangeServiceConfig2W 76F671E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2692] 
ADVAPI32.dll!CreateServiceA 76F672A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\svchost.exe[2732] ntdll.dll!LdrLoadDll 77649378 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[2732] ntdll.dll!LdrUnloadDll 7765B680 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[2732] kernel32.dll!GetBinaryTypeW + 70 771C2467 1 Byte [62] .text C:\Windows\System32\svchost.exe[2732] ADVAPI32.dll!CreateServiceW 76F29EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[2732] ADVAPI32.dll!DeleteService 76F2A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[2732] ADVAPI32.dll!SetServiceObjectSecurity 76F66CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[2732] ADVAPI32.dll!ChangeServiceConfigA 76F66DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[2732] ADVAPI32.dll!ChangeServiceConfigW 76F66F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[2732] ADVAPI32.dll!ChangeServiceConfig2A 76F67099 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[2732] ADVAPI32.dll!ChangeServiceConfig2W 76F671E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[2732] ADVAPI32.dll!CreateServiceA 76F672A1 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] ntdll.dll!LdrLoadDll 77649378 5 Bytes JMP 000501F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] ntdll.dll!LdrUnloadDll 7765B680 5 Bytes JMP 000503FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] kernel32.dll!GetBinaryTypeW + 70 771C2467 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] ADVAPI32.dll!CreateServiceW 76F29EB4 5 Bytes JMP 000803FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] ADVAPI32.dll!DeleteService 76F2A07E 5 Bytes JMP 00080600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] 
ADVAPI32.dll!SetServiceObjectSecurity 76F66CD9 5 Bytes JMP 00081014 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] ADVAPI32.dll!ChangeServiceConfigA 76F66DD9 5 Bytes JMP 00080804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] ADVAPI32.dll!ChangeServiceConfigW 76F66F81 5 Bytes JMP 00080A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] ADVAPI32.dll!ChangeServiceConfig2A 76F67099 5 Bytes JMP 00080C0C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] ADVAPI32.dll!ChangeServiceConfig2W 76F671E1 5 Bytes JMP 00080E10 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] ADVAPI32.dll!CreateServiceA 76F672A1 5 Bytes JMP 000801F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] USER32.dll!SetWindowsHookExA 75CE6322 5 Bytes JMP 000D0600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] USER32.dll!SetWindowsHookExW 75CE87AD 5 Bytes JMP 000D0804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] USER32.dll!UnhookWindowsHookEx 75CE98DB 5 Bytes JMP 000D0A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] USER32.dll!SetWinEventHook 75CE9F3A 5 Bytes JMP 000D01F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] USER32.dll!UnhookWinEvent 75CEC06F 5 Bytes JMP 000D03FC .text C:\Windows\system32\SearchIndexer.exe[2832] ntdll.dll!LdrLoadDll 77649378 5 Bytes JMP 000501F8 .text C:\Windows\system32\SearchIndexer.exe[2832] ntdll.dll!LdrUnloadDll 7765B680 5 Bytes JMP 000503FC .text C:\Windows\system32\SearchIndexer.exe[2832] kernel32.dll!GetBinaryTypeW + 70 771C2467 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[2832] ADVAPI32.dll!CreateServiceW 76F29EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\SearchIndexer.exe[2832] 
ADVAPI32.dll!DeleteService 76F2A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\SearchIndexer.exe[2832] ADVAPI32.dll!SetServiceObjectSecurity 76F66CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\SearchIndexer.exe[2832] ADVAPI32.dll!ChangeServiceConfigA 76F66DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\SearchIndexer.exe[2832] ADVAPI32.dll!ChangeServiceConfigW 76F66F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\SearchIndexer.exe[2832] ADVAPI32.dll!ChangeServiceConfig2A 76F67099 5 Bytes JMP 00070C0C .text C:\Windows\system32\SearchIndexer.exe[2832] ADVAPI32.dll!ChangeServiceConfig2W 76F671E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\SearchIndexer.exe[2832] ADVAPI32.dll!CreateServiceA 76F672A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\SearchIndexer.exe[2832] USER32.dll!SetWindowsHookExA 75CE6322 5 Bytes JMP 00090600 .text C:\Windows\system32\SearchIndexer.exe[2832] USER32.dll!SetWindowsHookExW 75CE87AD 5 Bytes JMP 00090804 .text C:\Windows\system32\SearchIndexer.exe[2832] USER32.dll!UnhookWindowsHookEx 75CE98DB 5 Bytes JMP 00090A08 .text C:\Windows\system32\SearchIndexer.exe[2832] USER32.dll!SetWinEventHook 75CE9F3A 5 Bytes JMP 000901F8 .text C:\Windows\system32\SearchIndexer.exe[2832] USER32.dll!UnhookWinEvent 75CEC06F 5 Bytes JMP 000903FC .text C:\Users\Surfen\Downloads\hsh9c61l.exe[2872] kernel32.dll!GetBinaryTypeW + 70 771C2467 1 Byte [62] .text C:\Windows\system32\WUDFHost.exe[2972] ntdll.dll!LdrLoadDll 77649378 5 Bytes JMP 000501F8 .text C:\Windows\system32\WUDFHost.exe[2972] ntdll.dll!LdrUnloadDll 7765B680 5 Bytes JMP 000503FC .text C:\Windows\system32\WUDFHost.exe[2972] kernel32.dll!GetBinaryTypeW + 70 771C2467 1 Byte [62] .text C:\Windows\system32\WUDFHost.exe[2972] ADVAPI32.dll!CreateServiceW 76F29EB4 5 Bytes JMP 001703FC .text C:\Windows\system32\WUDFHost.exe[2972] ADVAPI32.dll!DeleteService 76F2A07E 5 Bytes JMP 00170600 .text C:\Windows\system32\WUDFHost.exe[2972] ADVAPI32.dll!SetServiceObjectSecurity 76F66CD9 5 Bytes JMP 00171014 
.text C:\Windows\system32\WUDFHost.exe[2972] ADVAPI32.dll!ChangeServiceConfigA 76F66DD9 5 Bytes JMP 00170804 .text C:\Windows\system32\WUDFHost.exe[2972] ADVAPI32.dll!ChangeServiceConfigW 76F66F81 5 Bytes JMP 00170A08 .text C:\Windows\system32\WUDFHost.exe[2972] ADVAPI32.dll!ChangeServiceConfig2A 76F67099 5 Bytes JMP 00170C0C .text C:\Windows\system32\WUDFHost.exe[2972] ADVAPI32.dll!ChangeServiceConfig2W 76F671E1 5 Bytes JMP 00170E10 .text C:\Windows\system32\WUDFHost.exe[2972] ADVAPI32.dll!CreateServiceA 76F672A1 5 Bytes JMP 001701F8 .text C:\Windows\system32\WUDFHost.exe[2972] USER32.dll!SetWindowsHookExA 75CE6322 5 Bytes JMP 00180600 .text C:\Windows\system32\WUDFHost.exe[2972] USER32.dll!SetWindowsHookExW 75CE87AD 5 Bytes JMP 00180804 .text C:\Windows\system32\WUDFHost.exe[2972] USER32.dll!UnhookWindowsHookEx 75CE98DB 5 Bytes JMP 00180A08 .text C:\Windows\system32\WUDFHost.exe[2972] USER32.dll!SetWinEventHook 75CE9F3A 5 Bytes JMP 001801F8 .text C:\Windows\system32\WUDFHost.exe[2972] USER32.dll!UnhookWinEvent 75CEC06F 5 Bytes JMP 001803FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3048] ntdll.dll!LdrLoadDll 77649378 5 Bytes JMP 000501F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3048] ntdll.dll!LdrUnloadDll 7765B680 5 Bytes JMP 000503FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3048] kernel32.dll!GetBinaryTypeW + 70 771C2467 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3048] ADVAPI32.dll!CreateServiceW 76F29EB4 5 Bytes JMP 000703FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3048] ADVAPI32.dll!DeleteService 76F2A07E 5 Bytes JMP 00070600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3048] ADVAPI32.dll!SetServiceObjectSecurity 76F66CD9 5 Bytes JMP 00071014 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3048] 
I'll do the other one in a moment. |
25.10.2012, 19:10 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malewarebytes finds lots of PUPBlabbers Are the other logs still coming?
__________________ Please always post logfiles in CODE tags |
25.10.2012, 20:21 | #21 |
| Malewarebytes finds lots of PUPBlabbers I did something wrong. I tried to unpack OSAM with WinZip. That didn't work - the file association or something like that didn't match... no exe file could be opened. I think I then wanted to try opening it a different way and clicked: open with - Adobe Reader. And now nothing works at all. My laptop no longer opens any exe files at all and I can't get on the internet anymore. I'm now online with the administrator account. It still works here. Do you maybe have an idea how I can get this fixed again? Oh man... Lots of love, Fabienne |
25.10.2012, 22:05 | #22 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Malewarebytes finds lots of PUPBlabbers Quote:
Quote:
__________________ Please always post logfiles in CODE tags |
25.10.2012, 23:09 | #23 |
| Malewarebytes finds lots of PUPBlabbers Oh no! I simply misread. No, I can't open anything at all anymore. But in the administrator account everything is fine. Can I do the scans there too? |
26.10.2012, 12:43 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malewarebytes finds lots of PUPBlabbers Yes, that works too, but don't ask me what exactly you broke in your other account
__________________ Please always post logfiles in CODE tags |