Log analysis and evaluation: delfix did not delete the ESET quarantine (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
05.04.2013, 12:47 | #1
delfix did not delete the ESET quarantine

I got help here on the board after Norton detected a Trojan on my machine. One of the last steps of that help was to have ESET scan the entire system. It found three more infected files, which delfix was actually supposed to delete. I carried everything out exactly as instructed, but ESET finds those three infected files again when I scan my system. Among other things, I am attaching the ESET log.

OTL:
Code:
OTL logfile created on: 05.04.2013 13:20:08 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lupus\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 6,32 Gb Available Physical Memory | 79,18% Memory free
15,95 Gb Paging File | 14,28 Gb Available in Paging File | 89,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 26,39 Gb Free Space | 23,60% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 19,63 Gb Free Space | 40,20% Space Free | Partition Type: NTFS
Drive E: | 465,71 Gb Total Space | 463,49 Gb Free Space | 99,52% Space Free | Partition Type: NTFS
Drive F: | 465,71 Gb Total Space | 11,46 Gb Free Space | 2,46% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 43,12 Gb Free Space | 88,30% Space Free | Partition Type: NTFS
Drive H: | 146,48 Gb Total Space | 125,23 Gb Free Space | 85,49% Space Free | Partition Type: NTFS
Drive I: | 128,47 Gb Total Space | 128,38 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive J: | 3,90 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: LPC | User Name: Lupus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.05 13:19:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lupus\Desktop\OTL.exe
PRC - [2013.02.07 14:31:22 | 001,223,704 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2013.02.07 14:31:20 | 000,660,504 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.10 22:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.02 19:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

========== Modules (No Company Name) ==========

MOD - [2013.02.13 19:54:10 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.11 19:58:49 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll
MOD - [2013.01.11 19:58:49 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll
MOD - [2013.01.11 14:42:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.11 14:41:56 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.11 14:41:49 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.11 14:41:46 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.11 14:41:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.11 14:41:44 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.11 14:41:41 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.3.0.36\wincfi39.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

========== Services (SafeList) ==========

SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

Code:
OTL Extras logfile created on: 05.04.2013 13:20:08 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lupus\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 6,32 Gb Available Physical Memory | 79,18% Memory free
15,95 Gb Paging File | 14,28 Gb Available in Paging File | 89,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 26,39 Gb Free Space | 23,60% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 19,63 Gb Free Space | 40,20% Space Free | Partition Type: NTFS
Drive E: | 465,71 Gb Total Space | 463,49 Gb Free Space | 99,52% Space Free | Partition Type: NTFS
Drive F: | 465,71 Gb Total Space | 11,46 Gb Free Space | 2,46% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 43,12 Gb Free Space | 88,30% Space Free | Partition Type: NTFS
Drive H: | 146,48 Gb Total Space | 125,23 Gb Free Space | 85,49% Space Free | Partition Type: NTFS
Drive I: | 128,47 Gb Total Space | 128,38 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive J: | 3,90 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: LPC | User Name: Lupus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04F42B11-F11F-48B9-8DEE-9451E6566B2D}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{0509AFE0-8850-47D2-B54D-0A99B1FF4A85}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{063007B3-7A35-49B3-B23C-FD87B6C35103}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{0FB5D2DA-2C3F-4029-B981-882E5F9D7A07}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{159EADCE-93AB-4CDC-88E5-7F95A0C01684}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{1BC49579-4F1B-471A-9916-3B180DEFE218}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{1D6A5437-1B1D-45A1-9EB6-048CA5250004}" = dir=in | app=c:\users\lupus\appdata\roaming\allmyapps\allmyapps.exe |
"{21ADC497-0D79-493E-8CE2-E3105823D4C5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{2559D81F-10D1-4752-8030-1767365FD653}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{2B5E958D-7F8B-4547-B176-CB033A928D9C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{320D3157-AA22-4A28-AC18-920DB229DBBA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe |
"{3D0EA668-754B-41C8-A337-F6AAF44775CA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{4CFFFCB7-FF0A-4651-B263-DD2F7FE22039}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{5396EADC-4F6A-48EA-B689-5A53C8770F5E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5CB054AA-230D-4947-B60F-61DF1EA8DB85}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{6007612C-2235-4320-BCCA-D06C294E8CE7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{629FA4DF-FC15-468B-B5EE-ACEC9F664761}" = protocol=6 | dir=in | app=d:\program files (x86)\pinnacle\studio 12\programs\umi.exe |
"{7061859E-2EC7-4D73-8A79-33151C989DF6}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{716AB1B2-10EF-4961-A939-A7E0B6675985}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{7777EB73-205B-463E-96D7-93A27F2A110F}" = protocol=6 | dir=in | app=d:\program files (x86)\pinnacle\studio 12\programs\rm.exe |
"{9011108E-E8C2-4BA0-B5D3-0E3FB008B16F}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{9696D5E9-9E3C-499D-8029-6C422187B60B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
"{9DCD32D7-59A4-46B8-A388-D9B5329FAEF0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{A0FDF7A9-D551-43A6-91F7-20985C3D6C22}" = protocol=17 | dir=in | app=d:\program files (x86)\pinnacle\studio 12\programs\umi.exe |
"{A41BB95A-D869-48AA-9091-8468628940A2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
"{A8B62E71-A5DF-41F7-B486-AEB25CA29714}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B193C872-938D-4931-863C-894E24CAACBA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dear esther\dearesther.exe |
"{B77F109D-787C-4211-99CD-C2CF9F5A8B8D}" = protocol=6 | dir=in | app=d:\program files (x86)\pinnacle\studio 12\programs\studio.exe |
"{B8A34D5E-BB46-4E1E-B9E5-21A670066A98}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BC9E6853-2A7D-4C80-8D04-4CA7D5E5A867}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe |
"{BE965B46-0752-44E2-8216-7C336FB46FDA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{C756E9EE-33FF-42F0-8EAB-D18BEDCADE92}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{CD57808F-6B6F-4F7E-B9D9-F60A8168B90E}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{D35CE453-D226-4902-92BC-993730B6A3ED}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{D5288018-6D02-4BFD-AAE1-8810E5329BE6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D6D10818-DEDE-43A4-9908-120122D1E3BD}" = protocol=17 | dir=in | app=d:\program files (x86)\pinnacle\studio 12\programs\studio.exe |
"{D8163290-CF69-43EF-9F19-7FFC4591F95C}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{DC891C6D-016C-4F4F-9724-5BE81FE74506}" = protocol=17 | dir=in | app=d:\program files (x86)\pinnacle\studio 12\programs\rm.exe |
"{EFE0ACB4-79C4-48C9-93A4-6B6487C4DAEF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{F741631A-423D-4783-A079-9805F40720F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dear esther\dearesther.exe |
"{F7D753A0-2EDE-4780-BCF3-FCD7414AE713}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{FA5E6A3F-F80C-498C-8912-BCE32511A875}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"TCP Query User{03772620-52C6-48A7-B027-34FE819887B1}D:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=d:\program files (x86)\tmunitedforever\tmforever.exe |
"TCP Query User{B2D495BF-290A-43A8-A8CB-765CE3E8566E}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{E4CD0165-5595-4B6A-89E1-1CC60EFF48EB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{FD06704E-0C04-421C-B073-A532E69D8648}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{06343FD1-D856-4B49-A32B-42A50F0916E5}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{48844CD4-2007-40BC-9F0E-8BFC196EBB82}D:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=d:\program files (x86)\tmunitedforever\tmforever.exe |
"UDP Query User{53AD8C0E-05FB-4725-A495-E6329E6CE3CC}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{C4EAC46A-67D2-4BF7-8620-4FF7DC3B5BA8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Treiber
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"GIMP-2_is1" = GIMP 2.8.4
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{262BF2CD-601D-4F43-919C-4B00B1D1F338}" = Boris Graffiti
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{37F79692-6F8A-487E-BF5A-A1E3227D9830}" = HFX Volume 2
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{468B359F-BAEF-466F-BB82-5EDEA1D8B2FB}" = HFX Volume 1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{55F7D521-17CA-454D-9D4D-975EF2E10708}_is1" = Torchlight II
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FE67144-F235-4FAB-8E0E-1C04D724B2CE}" = Studio Premium Pack 1
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{CA9B76C4-4E1F-4946-80B1-9E5E8886D7AE}" = Studio Premium Pack 2
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D1860E6E-520E-4380-8433-E58E8F88B473}" = Pinnacle Studio 12 Ultimate Plugins
"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA89C3ED-8EC5-457F-A31C-AE208C1CF024}" = ACD Product-Security-Vulnerability Update
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Black Mirror 2_is1" = Black Mirror 2
"Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"Diablo III" = Diablo III
"Dream Pinball 3D" = Dream Pinball 3D
"ESET Online Scanner" = ESET Online Scanner v3
"FLV Player" = FLV Player 2.0 (build 25)
"FolderVisualizer_is1" = FolderVisualizer
"Free Download Manager_is1" = Free Download Manager 3.9
"Free FLV Converter_is1" = Free FLV Converter V 7.3.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"ManiaPlanet_is1" = ManiaPlanet
"Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Nero - Burning Rom!UninstallKey" = Nero 6 Demo
"NIS" = Norton Internet Security
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Secunia PSI" = Secunia PSI (3.0.0.6005)
"Steam App 102600" = Orcs Must Die!
"Steam App 203810" = Dear Esther
"Steam App 207170" = Legend of Grimrock
"Steam App 550" = Left 4 Dead 2
"TmUnited_is1" = TrackMania United 0.2.0.8
"TmUnitedForever_is1" = TmUnitedForever Update 2010-03-15
"TrueCrypt" = TrueCrypt
"Winamp" = Winamp
"X2TheThreat_is1" = X2 The Threat v1.5
"X3Reunion_is1" = X3 Reunion v2.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21.11.2012 13:57:45 | Computer Name = LPC | Source = WinMgmt | ID = 10
Description =

Error - 21.11.2012 16:36:42 | Computer Name = LPC | Source = WinMgmt | ID = 10
Description =

Error - 22.11.2012 02:07:29 | Computer Name = LPC | Source = WinMgmt | ID = 10
Description =

Error - 22.11.2012 15:19:18 | Computer Name = LPC | Source = WinMgmt | ID = 10
Description =

Error - 23.11.2012 02:09:41 | Computer Name = LPC | Source = WinMgmt | ID = 10
Description =

Error - 23.11.2012 03:08:48 | Computer Name = LPC | Source = WinMgmt | ID = 10
Description =

Error - 23.11.2012 08:33:18 | Computer Name = LPC | Source = WinMgmt | ID = 10
Description =

Error - 23.11.2012 15:18:48 | Computer Name = LPC | Source = WinMgmt | ID = 10
Description =

Error - 23.11.2012 16:44:22 | Computer Name = LPC | Source = WinMgmt | ID = 10
Description =

Error - 24.11.2012 03:57:42 | Computer Name = LPC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 04.04.2013 16:14:14 | Computer Name = LPC | Source = DCOM | ID = 10005
Description =

Error - 04.04.2013 16:14:15 | Computer Name = LPC | Source = DCOM | ID = 10005
Description =

Error - 04.04.2013 16:14:14 | Computer Name = LPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 04.04.2013 16:14:14 | Computer Name = LPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 04.04.2013 16:14:15 | Computer Name = LPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 04.04.2013 16:14:15 | Computer Name = LPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 04.04.2013 16:14:15 | Computer Name = LPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 04.04.2013 16:14:15 | Computer Name = LPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 04.04.2013 16:14:15 | Computer Name = LPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 04.04.2013 16:14:15 | Computer Name = LPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068


< End of report >
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-05 13:38:00
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 OCZ-VERT rev.2.11 111,79GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Lupus\AppData\Local\Temp\pxldapow.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[152]  C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess  0000000077e3fc90 5 bytes JMP 000000010027091c
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[152]  C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory  0000000077e3fdf4 5 bytes JMP 0000000100270048
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[152]  C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent  0000000077e3fe88 5 bytes JMP 00000001002702ee
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[152]  C:\Windows\SysWOW64\ntdll.dll!NtCreateThread  0000000077e3ffe4 5 bytes JMP 00000001002704b2
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[152]  C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory  0000000077e40018 5 bytes JMP 00000001002709fe
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[152]  C:\Windows\SysWOW64\ntdll.dll!NtResumeThread  0000000077e40048 5 bytes JMP 0000000100270ae0
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[152]  C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread  0000000077e40064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[152]  C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant  0000000077e4077c 5 bytes JMP 000000010027012a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[152]  C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject  0000000077e4086c 5 bytes JMP 0000000100270758
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[152]  C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx  0000000077e40884 5 bytes JMP 0000000100270676
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[152]  C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver  0000000077e40dd4 5 bytes JMP 00000001002703d0
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[152]  C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread  0000000077e41900 5 bytes JMP 0000000100270594
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[152]  C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation  0000000077e41bc4 5 bytes JMP 000000010027083a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[152]  C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread  0000000077e41d50 5 bytes JMP 000000010027020c
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[152]  C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206  000000007747524f 7 bytes JMP 0000000100270f52
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[152]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380  00000000774753d0 7 bytes JMP 0000000100280210
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[152]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149  0000000077475677 1 byte JMP 0000000100280048
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[152]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151  0000000077475679 5 bytes {JMP 0xffffffff88e0a9d1}
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[152]  C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542  000000007747589a 7 bytes JMP 0000000100270ca6
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[152]  C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382  0000000077475a1d 7 bytes JMP 00000001002803d8
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[152]  C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370  0000000077475c9b 7 bytes JMP 000000010028012c
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[152]  C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231  0000000077475d87 7 bytes JMP 00000001002802f4
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[152]  C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123  0000000077477240 7 bytes JMP 0000000100270e6e
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[152]  C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882  00000000774f1492 7 bytes JMP 00000001002804bc
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880]  C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess  0000000077e3fc90 5 bytes JMP 00000001000e091c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880]  C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory  0000000077e3fdf4 5 bytes JMP 00000001000e0048
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880]  C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent  0000000077e3fe88 5 bytes JMP 00000001000e02ee
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880]  C:\Windows\SysWOW64\ntdll.dll!NtCreateThread  0000000077e3ffe4 5 bytes JMP 00000001000e04b2
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880]  C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory  0000000077e40018 5 bytes JMP 00000001000e09fe
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880]  C:\Windows\SysWOW64\ntdll.dll!NtResumeThread  0000000077e40048 5 bytes JMP 00000001000e0ae0
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880]  C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread  0000000077e40064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880]  C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant  0000000077e4077c 5 bytes JMP 00000001000e012a
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880]  C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject  0000000077e4086c 5 bytes JMP 00000001000e0758
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880]  C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx  0000000077e40884 5 bytes JMP 00000001000e0676
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880]  C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver  0000000077e40dd4 5 bytes JMP 00000001000e03d0
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880]  C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread  0000000077e41900 5 bytes JMP 00000001000e0594
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880]  C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation  0000000077e41bc4 5 bytes JMP 00000001000e083a
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880]  C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread  0000000077e41d50 5 bytes JMP 00000001000e020c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880]  C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882  00000000774f1492 7 bytes JMP 00000001000f059e
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880]  C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206  000000007747524f 7 bytes JMP 00000001000e0f52
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380  00000000774753d0 7 bytes JMP 00000001000f0210
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149  0000000077475677 1 byte JMP 00000001000f0048
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151  0000000077475679 5 bytes {JMP 0xffffffff88c7a9d1}
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880]  C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542  000000007747589a 7 bytes JMP 00000001000e0ca6
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880]  C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382  0000000077475a1d 7 bytes JMP 00000001000f03d8
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880]  C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370  0000000077475c9b 7 bytes JMP 00000001000f012c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880]  C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231  0000000077475d87 7 bytes JMP 00000001000f02f4
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880]  C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123  0000000077477240 7 bytes JMP 00000001000e0e6e
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1936]  C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess  0000000077e3fc90 5 bytes JMP 000000010029091c
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1936]  C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory  0000000077e3fdf4 5 bytes JMP 0000000100290048
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1936]  C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent  0000000077e3fe88 5 bytes JMP 00000001002902ee
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1936]  C:\Windows\SysWOW64\ntdll.dll!NtCreateThread  0000000077e3ffe4 5 bytes JMP 00000001002904b2
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1936]  C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory  0000000077e40018 5 bytes JMP 00000001002909fe
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1936]  C:\Windows\SysWOW64\ntdll.dll!NtResumeThread  0000000077e40048 5 bytes JMP 0000000100290ae0
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1936]  C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread  0000000077e40064 5 bytes JMP 000000010003004c
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1936]  C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant  0000000077e4077c 5 bytes JMP 000000010029012a
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1936]  C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject  0000000077e4086c 5 bytes JMP 0000000100290758
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1936]  C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx  0000000077e40884 5 bytes JMP 0000000100290676
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1936]  C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver  0000000077e40dd4 5 bytes JMP 00000001002903d0
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1936]  C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread  0000000077e41900 5 bytes JMP 0000000100290594
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1936]  C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation  0000000077e41bc4 5 bytes JMP 000000010029083a
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1936]  C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread  0000000077e41d50 5 bytes JMP 000000010029020c
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1936]  C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882  00000000774f1492 7 bytes JMP 00000001002a04bc
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1936]  C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206  000000007747524f 7 bytes JMP 0000000100290f52
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1936]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380  00000000774753d0 7 bytes JMP 00000001002a0210
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1936]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149  0000000077475677 1 byte JMP 00000001002a0048
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1936]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151  0000000077475679 5 bytes {JMP 0xffffffff88e2a9d1}
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1936]  C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542  000000007747589a 7 bytes JMP 0000000100290ca6
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1936]  C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382  0000000077475a1d 7 bytes JMP 00000001002a03d8
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1936]  C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370  0000000077475c9b 7 bytes JMP 00000001002a012c
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1936]  C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231  0000000077475d87 7 bytes JMP 00000001002a02f4
.text  C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[1936]  C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123  0000000077477240 7 bytes JMP 0000000100290e6e
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1140]  C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess  0000000077e3fc90 5 bytes JMP 000000010010091c
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1140]  C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory  0000000077e3fdf4 5 bytes JMP 0000000100100048
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1140]  C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent  0000000077e3fe88 5 bytes JMP 00000001001002ee
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1140]  C:\Windows\SysWOW64\ntdll.dll!NtCreateThread  0000000077e3ffe4 5 bytes JMP 00000001001004b2
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1140]  C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory  0000000077e40018 5 bytes JMP 00000001001009fe
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1140]  C:\Windows\SysWOW64\ntdll.dll!NtResumeThread  0000000077e40048 5 bytes JMP 0000000100100ae0
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1140]  C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread  0000000077e40064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1140]  C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant  0000000077e4077c 5 bytes JMP 000000010010012a
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1140]  C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject  0000000077e4086c 5 bytes JMP 0000000100100758
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1140]  C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx  0000000077e40884 5 bytes JMP 0000000100100676
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1140]  C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver  0000000077e40dd4 5 bytes JMP 00000001001003d0
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1140]  C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread  0000000077e41900 5 bytes JMP 0000000100100594
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1140]  C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation  0000000077e41bc4 5 bytes JMP 000000010010083a
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1140]  C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread  0000000077e41d50 5 bytes JMP 000000010010020c
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1140]  C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882  00000000774f1492 7 bytes JMP 000000010011059e
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1140]  C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206  000000007747524f 7 bytes JMP 0000000100100f52
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1140]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380  00000000774753d0 7 bytes JMP 0000000100110210
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1140]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149  0000000077475677 1 byte JMP 0000000100110048
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1140]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151  0000000077475679 5 bytes {JMP 0xffffffff88c9a9d1}
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1140]  C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542  000000007747589a 7 bytes JMP 0000000100100ca6
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1140]  C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382  0000000077475a1d 7 bytes JMP 00000001001103d8
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1140]  C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370  0000000077475c9b 7 bytes JMP 000000010011012c
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1140]  C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231  0000000077475d87 7 bytes JMP 00000001001102f4
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1140]  C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123  0000000077477240 7 bytes JMP 0000000100100e6e
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1140]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076181465 2 bytes [18, 76]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1140]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000761814bb 2 bytes [18, 76]
.text  ...   * 2
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2944]  C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess  0000000077e3fc90 5 bytes JMP 00000001000a091c
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2944]  C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory  0000000077e3fdf4 5 bytes JMP 00000001000a0048
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2944]  C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent  0000000077e3fe88 5 bytes JMP 00000001000a02ee
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2944]  C:\Windows\SysWOW64\ntdll.dll!NtCreateThread  0000000077e3ffe4 5 bytes JMP 00000001000a04b2
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2944]  C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory  0000000077e40018 5 bytes JMP 00000001000a09fe
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2944]  C:\Windows\SysWOW64\ntdll.dll!NtResumeThread  0000000077e40048 5 bytes JMP 00000001000a0ae0
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2944]  C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread  0000000077e40064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2944]  C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant  0000000077e4077c 5 bytes JMP 00000001000a012a
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2944]  C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject  0000000077e4086c 5 bytes JMP 00000001000a0758
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2944]  C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx  0000000077e40884 5 bytes JMP 00000001000a0676
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2944]  C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver  0000000077e40dd4 5 bytes JMP 00000001000a03d0
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2944]  C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread  0000000077e41900 5 bytes JMP 00000001000a0594
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2944]  C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation  0000000077e41bc4 5 bytes JMP 00000001000a083a
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2944]  C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread  0000000077e41d50 5 bytes JMP 00000001000a020c
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2944]  C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206  000000007747524f 7 bytes JMP 00000001000a0f52
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2944]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380  00000000774753d0 7 bytes JMP 0000000100160210
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2944]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149  0000000077475677 1 byte JMP 0000000100160048
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2944]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151  0000000077475679 5 bytes {JMP 0xffffffff88cea9d1}
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2944]  C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542  000000007747589a 7 bytes JMP 00000001000a0ca6
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2944]  C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382  0000000077475a1d 7 bytes JMP 00000001001603d8
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2944]  C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370  0000000077475c9b 7 bytes JMP 000000010016012c
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2944]  C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231  0000000077475d87 7 bytes JMP 00000001001602f4
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2944]  C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123  0000000077477240 7 bytes JMP 00000001000a0e6e
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2944]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076181465 2 bytes [18, 76]
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2944]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000761814bb 2 bytes [18, 76]
.text  ...
* 2
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4032]  C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess  0000000077e3fc90 5 bytes JMP 000000010010091c
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4032]  C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory  0000000077e3fdf4 5 bytes JMP 0000000100100048
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4032]  C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent  0000000077e3fe88 5 bytes JMP 00000001001002ee
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4032]  C:\Windows\SysWOW64\ntdll.dll!NtCreateThread  0000000077e3ffe4 5 bytes JMP 00000001001004b2
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4032]  C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory  0000000077e40018 5 bytes JMP 00000001001009fe
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4032]  C:\Windows\SysWOW64\ntdll.dll!NtResumeThread  0000000077e40048 5 bytes JMP 0000000100100ae0
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4032]  C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread  0000000077e40064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4032]  C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant  0000000077e4077c 5 bytes JMP 000000010010012a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4032]  C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject  0000000077e4086c 5 bytes JMP 0000000100100758
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4032]  C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx  0000000077e40884 5 bytes JMP 0000000100100676
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4032]  C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver  0000000077e40dd4 5 bytes JMP 00000001001003d0
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4032]  C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread  0000000077e41900 5 bytes JMP 0000000100100594
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4032]  C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation  0000000077e41bc4 5 bytes JMP 000000010010083a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4032]  C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread  0000000077e41d50 5 bytes JMP 000000010010020c
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4032]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076181465 2 bytes [18, 76]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4032]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000761814bb 2 bytes [18, 76]
.text  ...   * 2
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4032]  C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882  00000000774f1492 7 bytes JMP 0000000100110762
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4032]  C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206  000000007747524f 7 bytes JMP 0000000100100f52
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4032]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380  00000000774753d0 7 bytes JMP 0000000100110210
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4032]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149  0000000077475677 1 byte JMP 0000000100110048
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4032]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151  0000000077475679 5 bytes {JMP 0xffffffff88c9a9d1}
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4032]  C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542  000000007747589a 7 bytes JMP 0000000100100ca6
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4032]  C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382  0000000077475a1d 7 bytes JMP 00000001001103d8
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4032]  C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370  0000000077475c9b 7 bytes JMP 000000010011012c
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4032]  C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231  0000000077475d87 7 bytes JMP 00000001001102f4
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4032]  C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123  0000000077477240 7 bytes JMP 0000000100100e6e
.text  C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2856]  C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess  0000000077e3fc90 5 bytes JMP 00000001001d091c
.text  C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2856]  C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory  0000000077e3fdf4 5 bytes JMP 00000001001d0048
.text  C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2856]  C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent  0000000077e3fe88 5 bytes JMP 00000001001d02ee
.text  C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2856]  C:\Windows\SysWOW64\ntdll.dll!NtCreateThread  0000000077e3ffe4 5 bytes JMP 00000001001d04b2
.text  C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2856]  C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory  0000000077e40018 5 bytes JMP 00000001001d09fe
.text  C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2856]  C:\Windows\SysWOW64\ntdll.dll!NtResumeThread  0000000077e40048 5 bytes JMP 00000001001d0ae0
.text  C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2856]  C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread  0000000077e40064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2856]  C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant  0000000077e4077c 5 bytes JMP 00000001001d012a
.text  C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2856]  C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject  0000000077e4086c 5 bytes JMP 00000001001d0758
.text  C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2856]  C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx  0000000077e40884 5 bytes JMP 00000001001d0676
.text  C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2856]  C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver  0000000077e40dd4 5 bytes JMP 00000001001d03d0
.text  C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2856]  C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread  0000000077e41900 5 bytes JMP 00000001001d0594
.text  C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2856]  C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation  0000000077e41bc4 5 bytes JMP 00000001001d083a
.text  C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2856]  C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread  0000000077e41d50 5 bytes JMP 00000001001d020c
.text  C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2856]  C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882  00000000774f1492 7 bytes JMP 00000001001e059e
.text  C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2856]  C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206  000000007747524f 7 bytes JMP 00000001001d0f52
.text  C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2856]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380  00000000774753d0 7 bytes JMP 00000001001e0210
.text  C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2856]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149  0000000077475677 1 byte JMP 00000001001e0048
.text  C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2856]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151  0000000077475679 5 bytes {JMP 0xffffffff88d6a9d1}
.text  C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2856]  C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542  000000007747589a 7 bytes JMP 00000001001d0ca6
.text  C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2856]  C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382  0000000077475a1d 7 bytes JMP 00000001001e03d8
.text  C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2856]  C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370  0000000077475c9b 7 bytes JMP 00000001001e012c
.text  C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2856]  C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231  0000000077475d87 7 bytes JMP 00000001001e02f4
.text  C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2856]  C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123  0000000077477240 7 bytes JMP 00000001001d0e6e
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3760]  C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess  0000000077e3fc90 5 bytes JMP 00000001001e091c
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3760]  C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory  0000000077e3fdf4 5 bytes JMP 00000001001e0048
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3760]  C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent  0000000077e3fe88 5 bytes JMP 00000001001e02ee
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3760]  C:\Windows\SysWOW64\ntdll.dll!NtCreateThread  0000000077e3ffe4 5 bytes JMP 00000001001e04b2
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3760]  C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory  0000000077e40018 5 bytes JMP 00000001001e09fe
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3760]  C:\Windows\SysWOW64\ntdll.dll!NtResumeThread  0000000077e40048 5 bytes JMP 00000001001e0ae0
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3760]  C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread  0000000077e40064 5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3760]  C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant  0000000077e4077c 5 bytes JMP 00000001001e012a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3760]  C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject  0000000077e4086c 5 bytes JMP 00000001001e0758
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3760]  C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx  0000000077e40884 5 bytes JMP 00000001001e0676
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3760]  C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver  0000000077e40dd4 5 bytes JMP 00000001001e03d0
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3760]  C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread  0000000077e41900 5 bytes JMP 00000001001e0594
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3760]  C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation  0000000077e41bc4 5 bytes JMP 00000001001e083a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3760]  C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread  0000000077e41d50 5 bytes JMP 00000001001e020c
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3760]  C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206  000000007747524f 7 bytes JMP 00000001001e0f52
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3760]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380  00000000774753d0 7 bytes JMP 0000000100270210
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3760]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149  0000000077475677 1 byte JMP 0000000100270048
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3760]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151  0000000077475679 5 bytes {JMP 0xffffffff88dfa9d1}
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3760]  C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542  000000007747589a 7 bytes JMP 00000001001e0ca6
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3760]  C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382  0000000077475a1d 7 bytes JMP 00000001002703d8
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3760]  C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370  0000000077475c9b 7 bytes JMP 000000010027012c
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3760]  C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231  0000000077475d87 7 bytes JMP 00000001002702f4
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3760]  C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123  0000000077477240 7 bytes JMP 00000001001e0e6e
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3760]  C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882  00000000774f1492 7 bytes JMP 000000010027059e
.text  C:\Users\Lupus\Desktop\gmer_2.1.19163.exe[4484]  C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess  0000000077e3fc90 5 bytes JMP 00000001001d091c
.text  C:\Users\Lupus\Desktop\gmer_2.1.19163.exe[4484]  C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory  0000000077e3fdf4 5 bytes JMP 00000001001d0048
.text  C:\Users\Lupus\Desktop\gmer_2.1.19163.exe[4484]  C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent  0000000077e3fe88 5 bytes JMP 00000001001d02ee
.text  C:\Users\Lupus\Desktop\gmer_2.1.19163.exe[4484]  C:\Windows\SysWOW64\ntdll.dll!NtCreateThread  0000000077e3ffe4 5 bytes JMP 00000001001d04b2
.text
C:\Users\Lupus\Desktop\gmer_2.1.19163.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e40018 5 bytes JMP 00000001001d09fe .text C:\Users\Lupus\Desktop\gmer_2.1.19163.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077e40048 5 bytes JMP 00000001001d0ae0 .text C:\Users\Lupus\Desktop\gmer_2.1.19163.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077e40064 5 bytes JMP 000000010002004c .text C:\Users\Lupus\Desktop\gmer_2.1.19163.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e4077c 5 bytes JMP 00000001001d012a .text C:\Users\Lupus\Desktop\gmer_2.1.19163.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077e4086c 5 bytes JMP 00000001001d0758 .text C:\Users\Lupus\Desktop\gmer_2.1.19163.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e40884 5 bytes JMP 00000001001d0676 .text C:\Users\Lupus\Desktop\gmer_2.1.19163.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e40dd4 5 bytes JMP 00000001001d03d0 .text C:\Users\Lupus\Desktop\gmer_2.1.19163.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e41900 5 bytes JMP 00000001001d0594 .text C:\Users\Lupus\Desktop\gmer_2.1.19163.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e41bc4 5 bytes JMP 00000001001d083a .text C:\Users\Lupus\Desktop\gmer_2.1.19163.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077e41d50 5 bytes JMP 00000001001d020c .text C:\Users\Lupus\Desktop\gmer_2.1.19163.exe[4484] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007747524f 7 bytes JMP 00000001001d0f52 .text C:\Users\Lupus\Desktop\gmer_2.1.19163.exe[4484] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000774753d0 7 bytes JMP 00000001001e0210 .text C:\Users\Lupus\Desktop\gmer_2.1.19163.exe[4484] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000077475677 1 byte JMP 00000001001e0048 .text 
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026832e1ff1
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026832e1ff1 (not active ControlSet)
---- EOF - GMER 2.1 ----
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4e38495dfc54cd4689cc1d5b4a8bf5a4
# engine=13553
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-04 10:26:00
# local_time=2013-04-05 12:26:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 91 235446 127710945 0 0
# compatibility_mode=5893 16776574 100 94 62520137 116744210 0 0
# scanned=480539
# found=3
# cleaned=0
# scan_time=4529
sh=273CD77673CBB1D99A18780AC77A962A589AA1AA ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Lupus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\430db750-4db312f1"
sh=C96B6FB0A3C22CD228E7C56760326E0F505E2335 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2011-3544.BA trojan" ac=I fn="C:\Users\Lupus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\5b6cf6dd-5c7d4615"
sh=A804A276D9352A76162B26D6E61F47257801F993 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NPJ trojan" ac=I fn="C:\Users\Lupus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\1cb0b870-54d39f25"
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4e38495dfc54cd4689cc1d5b4a8bf5a4
# engine=13553
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-05 06:11:17
# local_time=2013-04-05 08:11:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 91 263363 127738862 0 0
# compatibility_mode=5893 16776574 100 94 62548054 116772127 0 0
# scanned=172926
# found=3
# cleaned=0
# scan_time=1461
sh=273CD77673CBB1D99A18780AC77A962A589AA1AA ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Lupus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\430db750-4db312f1"
sh=C96B6FB0A3C22CD228E7C56760326E0F505E2335 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2011-3544.BA trojan" ac=I fn="C:\Users\Lupus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\5b6cf6dd-5c7d4615"
sh=A804A276D9352A76162B26D6E61F47257801F993 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NPJ trojan" ac=I fn="C:\Users\Lupus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\1cb0b870-54d39f25"
Regards, Achim |
05.04.2013, 13:19 | #2 |
/// TB-Ausbilder | delfix did not delete the ESET quarantine Hi Achim,
those are only detections in the cache and no longer active, no reason to worry. Try deleting them like this:
Code:
:commands
[emptytemp]
|
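Leo's reasoning above, that a finding sitting in a browser or Java cache is inert and is dealt with by emptying the caches, as an added example that is not part of the thread: a small Python parser for the ESET Online Scanner record format posted above, which classifies each finding by whether its path lies in one of the locations the OTL [emptytemp] run clears. The sample log (one real record from the thread plus one constructed non-cache record), the CACHE_MARKERS path fragments and all function names are assumptions of this example.

```python
import re

# Constructed sample in the ESET Online Scanner log format posted above: one real
# record from the thread plus one constructed record outside any cache location.
SAMPLE_LOG = r"""# scanned=480539
# found=2
# cleaned=0
sh=273CD77673CBB1D99A18780AC77A962A589AA1AA ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Lupus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\430db750-4db312f1"
sh=0000000000000000000000000000000000000000 ft=0 fh=0000000000000000 vn="constructed example" ac=I fn="C:\Windows\System32\drivers\example.sys"
"""

# Locations the OTL [emptytemp] command empties, as listed in the OTL log in this
# thread (Temp, Temporary Internet Files, Java, Firefox and Flash caches).
# The exact path fragments below are an assumption of this example.
CACHE_MARKERS = (
    "\\sun\\java\\deployment\\cache\\",
    "\\temporary internet files\\",
    "\\appdata\\local\\temp\\",
    "\\mozilla\\firefox\\profiles\\",
    "\\macromedia\\flash player\\",
)

# key=value pairs; quoted values may contain spaces, unquoted ones may not.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_header(log_text):
    """'# key=value' lines (scanned, found, cleaned, ...) as a dict of strings."""
    header = {}
    for line in log_text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()
    return header

def parse_findings(log_text):
    """One dict per 'sh=...' detection line with keys sh, ft, fh, vn, ac, fn."""
    findings = []
    for line in log_text.splitlines():
        if line.startswith("sh="):
            findings.append({k: q if q else u for k, q, u in FIELD_RE.findall(line)})
    return findings

def classify(finding):
    """'cache' if the path is somewhere [emptytemp] clears, else 'outside-cache'."""
    path = finding.get("fn", "").lower()
    return "cache" if any(m in path for m in CACHE_MARKERS) else "outside-cache"

def triage(log_text):
    """Findings NOT in a cache, i.e. the ones that need a closer look. An empty
    result with found>0 and cleaned=0 is the cache-only situation in this thread."""
    return [f for f in parse_findings(log_text) if classify(f) != "cache"]
```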
06.04.2013, 01:23 | #3 |
| delfix did not delete the ESET quarantine Hi Leo,
thanks for the help, attached is the OTL text: Code:
All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Lupus
->Temp folder emptied: 15668211 bytes
->Temporary Internet Files folder emptied: 59721659 bytes
->Java cache emptied: 18319802 bytes
->FireFox cache emptied: 73584180 bytes
->Flash cache emptied: 3411 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8243352 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78140 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 168,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 04062013_021825
Files\Folders moved on Reboot...
C:\Users\Lupus\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Regards, Achim |
06.04.2013, 02:47 | #4 |
/// TB-Ausbilder | delfix did not delete the ESET quarantine Hello Achim, and does ESET still find anything?
cheers, Leo |
06.04.2013, 15:59 | #5 |
| delfix did not delete the ESET quarantine No, I scanned once more with ESET and nothing was found any more! Best regards Achim |
06.04.2013, 16:19 | #6 |
/// TB-Ausbilder | delfix did not delete the ESET quarantine Great. The cleanup in your other thread was already finished. Run delfix once more and then the matter is settled. Please download delfix to your desktop.
|
09.04.2013, 00:47 | #7 |
/// TB-Ausbilder | delfix did not delete the ESET quarantine This topic appears to be resolved and will be removed from my subscriptions. I will therefore no longer receive notifications about new replies. Should you need this topic again, please send me a PM and we will continue here. Everyone else, please read these instructions and open your own thread.
cheers, Leo |