Hartnäckige Tasks (Trojan.FraudPack & Trojan.Downloader lt. Malwarebytes Anti-Malware)

littleant · 20.09.2013, 16:34

Hallo zusammen,
nachdem ich schon ein paar Tage erfolglos mit einem Trojanerbefall kämpfe hat mich die Internetrecherche zu diesem Forum gebracht. Super, wie hier auf freiwilliger Basis geholfen wird !

Wäre natürlich toll, wenn ich hier auch hilfe finden könnte.

Zu meiner Leidensgeschichte. Vor einiger Zeit bemerkte ich recht hohe Uploadraten über meinen Router, dachte mir aber nichts böses, da meine installierten Schutzprogramme fröhlich vor sich hin schwiegen.
Dann entschloss ich mich doch, mal ein anderes Programm zu nutzen und startete Malwarebytes der auch gleich einige Treffer zeigte.
Die meisten Treffer hat das Programm auch brav bereinigt aber ein paar sind (beim Flashscan) übriggeblieben, die das Programm nicht beheben kann (leider habe ich die alten Logfiles nicht mehr

):

Auszug:
Infizierte Dateien: 3
c:\windows\tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Löschen bei Neustart.
c:\windows\tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Löschen bei Neustart.
c:\windows\tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Löschen bei Neustart.

Leider funktioniert das Löschen beim Neustart nicht denn ein neuer Flash Scan bringt immer wieder dieselbe Nachricht.
Ausnahme: Flash Scan im abgesicherten Modus.
Alle anderen Scans von Malwarebytes aber auch von diversen anderen Progammen zeigen keinerlei Auffälligkeiten. Probiert habe ich inzwischen schon einiges:

Exterminate It!
SuperAntiSpyware
TrojanRemover
WindowsDefender
Eset
Malwarebytes
ComboFix
TDSSKiller

Ich habe die oben angeführten Tasks ein mal im Aufgabenplaner gesehen, konnte sie jedoch selbst als Administrator dort nicht löschen. Allerdings konnte ich sie manuell aus "Windows\System32\Tasks" löschen.
Seitdem sind die Tasks weder in "Windows\Tasks" noch in "Windows\System32\Tasks" noch im Aufgabenplane mehr sichtbar.
Im Rahmen der Fehlersuche habe ich auch Registry Einträge mit Verweisen auf diese Tasks gelöscht. Auch diese sind nun nicht mehr zu finden.

Trotz allem bleibt die Fehlermeldung von Malwarebytes beim Flashscan.

Interessant ist vielleicht noch, dass ein ganz neu angelegtes Administratorkonto auch gleich dieselben Scanergebnisse von Malwarebytes brachte.

Ich gebe zu, vielleicht nicht ganz ideale Voraussetzungen aber es wäre toll, wenn sich trotzdem jemand meiner annehmen könnte !

Die logs habe ich wie von der Forensoftware angefragt angehängt, da sie zu lang für das Posting gewesen wären

Herzlichen Dank im Vorraus und viele Grüße

Christian

schrauber · 20.09.2013, 17:14

Hi,

ignorier die Forensoftware. Logs immer in den Thread posten bitte, zur Not aufteilen und mehrere Posts nutzen.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

littleant · 20.09.2013, 17:24

Ok, lost gehts :-) Schonmal danke für die schnelle Antwort

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-09-2013 01
Ran by Administrator (administrator) on ELISE on 20-09-2013 15:42:17
Running from C:\Users\Administrator\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brsvc01a.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brss01a.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
(PC Tools) C:\Program Files (x86)\ThreatFire\TFService.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
() C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
() C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(PC Tools) C:\Program Files (x86)\ThreatFire\TFTray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(PFU LIMITED) C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(FreeDownloadManager.ORG) C:\Program Files (x86)\Free Download Manager\fdm.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2041192 2012-10-10] ()
HKLM\...\Run: [tvncontrol] - C:\Program Files\TightVNC\tvnserver.exe [1696824 2012-11-20] (GlavSoft LLC.)
HKLM-x32\...\Run: [MRUTray] - C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe [741376 2009-10-09] ()
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [IJNetworkScanUtility] - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [136544 2009-05-19] (CANON INC.)
HKLM-x32\...\Run: [ThreatFire] - C:\Program Files (x86)\ThreatFire\TFTray.exe [378128 2010-01-14] (PC Tools)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-08-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ScanSnap WIA Service Checker] - C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
HKLM-x32\...\Run: [TrojanScanner] - C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1655568 2013-07-19] (Simply Super Software)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKU\Guest\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Startup: C:\Users\ant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\ant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\ant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk
ShortcutTarget: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Free Download Manager Click Catcher Plug-In for Netscape, Opera, Mozilla) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npfdm.dll (FreeDownloadManager.org)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (AdobeExManDetect) - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Harmony Firefox Plugin) - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
CHR Extension: (Google Docs) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.3.37_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-08-20] ()
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [65536 2009-08-06] ()
R2 Marvell RAID; C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [151552 2009-10-05] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MRUWebService; C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [24635 2009-04-09] (Apache Software Foundation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
S3 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3818776 2013-02-22] ()
S4 RetroExpLauncher; C:\Program Files (x86)\Retrospect\Retrospect Express HD 2.0\retrorun.exe [108064 2007-01-22] (EMC Corporation)
R2 ShadowControl ImageManager; C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe [1559336 2012-03-29] (StorageCraft Technology Corporation)
R2 ShadowProtectSvc; C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [4672336 2012-11-08] (StorageCraft Technology Corporation)
R2 ThreatFire; C:\Program Files (x86)\ThreatFire\TFService.exe [70928 2010-01-14] (PC Tools)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [1696824 2012-11-20] (GlavSoft LLC.)
R2 VSNAPVSS; C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe [71976 2012-11-08] (StorageCraft Technology Corporation)
S3 PSEXESVC; %SystemRoot%\PSEXESVC.EXE [x]

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [125512 2010-12-01] (SlySoft, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-03-02] ()
R2 cpuz132; C:\Windows\system32\drivers\cpuz132_x64.sys [19432 2009-03-27] (Windows (R) Codename Longhorn DDK provider)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2007-08-20] (EnTech Taiwan)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2007-08-20] (EnTech Taiwan)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-03-02] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 slabbus; C:\Windows\System32\DRIVERS\slabbus.sys [79872 2007-03-01] (MCCI Corporation)
S3 slabser; C:\Windows\System32\DRIVERS\slabser.sys [103936 2007-03-01] (MCCI Corporation)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R0 stcvsm; C:\Windows\System32\DRIVERS\stcvsm.sys [277288 2012-07-03] (StorageCraft Technology Corporation)
R0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [65072 2010-01-14] (PC Tools)
R3 TfNetMon; C:\Windows\system32\drivers\TfNetMon.sys [41888 2010-01-14] (PC Tools)
R3 TfNetMon; C:\Windows\system32\drivers\TfNetMon.sys [41888 2010-01-14] (PC Tools)
R0 TfSysMon; C:\Windows\System32\drivers\TfSysMon.sys [59880 2010-01-14] (PC Tools)
R0 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [50768 2010-10-13] (Windows (R) 2000 DDK provider)
R0 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [566864 2010-10-13] (Paragon)
S3 vna_ap; C:\Windows\System32\DRIVERS\vnaap.sys [161256 2010-06-06] (Check Point Software Technologies)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz130; \??\T:\Cache\Windows\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2018-05-15 09:58 - 2013-04-13 15:04 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2014-06-14 10:09 - 2013-06-12 07:31 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-24 10:31 - 2011-11-03 04:01 - 00056208 ____N (Rovi Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys
2013-12-24 10:31 - 2009-12-04 10:08 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys
2013-12-24 10:31 - 2009-12-04 10:08 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys
2013-12-24 10:30 - 2013-08-26 09:49 - 00000000 ____D C:\Program Files\Adobe
2013-09-20 15:41 - 2013-09-20 15:41 - 00000000 ____D C:\FRST
2013-09-20 15:40 - 2013-09-20 15:40 - 01950622 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2013-09-20 15:37 - 2013-09-20 15:37 - 00000488 _____ C:\Windows\SysWOW64\defogger_disable.log
2013-09-20 15:37 - 2013-09-20 15:37 - 00000000 _____ C:\Users\Administrator\defogger_reenable
2013-09-20 14:24 - 2013-09-20 14:24 - 00000022 _____ C:\Windows\S.dirmngr
2013-09-20 14:10 - 2013-09-20 14:10 - 00032870 _____ C:\ComboFix.txt
2013-09-20 13:20 - 2013-09-20 13:35 - 00000000 ____D C:\Program Files (x86)\Exterminate It!
2013-09-20 13:20 - 2013-09-20 13:20 - 00001085 _____ C:\Users\Public\Desktop\Exterminate It!.lnk
2013-09-20 13:20 - 2013-09-20 13:20 - 00000000 ____D C:\Users\ant\AppData\Roaming\Curiolab
2013-09-19 11:25 - 2013-09-19 11:25 - 00001713 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-19 11:25 - 2013-09-19 11:25 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-19 11:25 - 2013-09-19 11:25 - 00000000 ____D C:\Program Files\iTunes
2013-09-19 11:25 - 2013-09-19 11:25 - 00000000 ____D C:\Program Files\iPod
2013-09-19 07:50 - 2013-09-19 08:03 - 90013968 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\msert.exe
2013-09-19 07:25 - 2013-09-20 15:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Free Download Manager
2013-09-19 07:10 - 2013-09-19 07:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2013-09-19 07:05 - 2013-09-19 07:05 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple
2013-09-19 07:04 - 2013-09-19 07:04 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple Computer
2013-09-18 16:32 - 2013-09-18 16:32 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-09-18 15:53 - 2013-09-18 15:53 - 00000017 _____ C:\Users\Administrator\AppData\Local\resmon.resmoncfg
2013-09-18 15:48 - 2013-09-19 07:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2013-09-18 15:48 - 2013-09-18 15:48 - 00003512 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Elise-Administrator
2013-09-18 15:48 - 2013-09-18 15:48 - 00000000 ____D C:\Users\Administrator\Documents\Simply Super Software
2013-09-18 15:48 - 2013-09-18 15:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\PFU
2013-09-18 15:47 - 2013-09-20 14:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2013-09-18 15:47 - 2013-09-19 07:10 - 00002255 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2013-09-18 15:47 - 2013-09-18 17:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-09-18 15:47 - 2013-09-18 15:47 - 00065760 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-18 15:47 - 2013-09-18 15:47 - 00001381 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\PFU
2013-09-18 15:46 - 2013-09-20 15:37 - 00000000 ____D C:\Users\Administrator
2013-09-18 15:46 - 2013-09-18 15:46 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Vorlagen
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Startmenü
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Lokale Einstellungen
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Eigene Dateien
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Anwendungsdaten
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Anwendungsdaten
2013-09-18 15:46 - 2011-05-08 19:27 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2013-09-18 15:46 - 2009-12-25 14:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2013-09-18 15:46 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-09-18 15:46 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-09-18 14:13 - 2013-09-18 14:13 - 00003496 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Elise-Admin
2013-09-18 14:13 - 2013-09-18 14:13 - 00000000 ____D C:\Users\Admin\Documents\Simply Super Software
2013-09-18 14:13 - 2013-09-18 14:13 - 00000000 ____D C:\Users\Admin\AppData\Roaming\PFU
2013-09-18 14:13 - 2013-09-18 14:13 - 00000000 ____D C:\Users\Admin\AppData\Local\PFU
2013-09-18 14:12 - 2013-09-18 14:12 - 00002259 _____ C:\Users\Admin\Desktop\Google Chrome.lnk
2013-09-18 08:38 - 2013-09-20 14:24 - 00000896 _____ C:\Windows\setupact.log
2013-09-18 08:38 - 2013-09-20 14:17 - 00238292 _____ C:\Windows\PFRO.log
2013-09-18 08:38 - 2013-09-18 08:38 - 00000000 _____ C:\Windows\setuperr.log
2013-09-18 08:19 - 2013-09-20 14:10 - 00000000 ____D C:\Qoobox
2013-09-18 08:19 - 2013-09-18 08:40 - 00000000 ____D C:\Windows\erdnt
2013-09-18 08:19 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-18 08:19 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-18 08:19 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-18 08:19 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-18 08:19 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-18 08:19 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-18 08:19 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-18 08:19 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-18 08:17 - 2013-09-20 13:42 - 05128554 ____R (Swearware) C:\Users\ant\Desktop\ComboFix.exe
2013-09-18 08:14 - 2013-09-20 08:14 - 00000506 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task bbe22df2-2f56-4970-8fb3-49b775ae2d20.job
2013-09-18 08:14 - 2013-09-18 08:38 - 00000506 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 98c8daec-c7f1-4f35-8815-a84410e367e8.job
2013-09-18 08:14 - 2013-09-18 08:14 - 00003574 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 98c8daec-c7f1-4f35-8815-a84410e367e8
2013-09-18 08:14 - 2013-09-18 08:14 - 00003500 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task bbe22df2-2f56-4970-8fb3-49b775ae2d20
2013-09-18 08:14 - 2013-09-18 08:14 - 00000000 ____D C:\Users\ant\AppData\Roaming\SUPERAntiSpyware.com
2013-09-18 08:13 - 2013-09-18 08:14 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-09-18 08:13 - 2013-09-18 08:13 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-09-18 07:55 - 2013-09-18 08:01 - 00232499 _____ C:\MGlogs.zip
2013-09-18 07:43 - 2013-09-18 07:47 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-18 07:39 - 2013-09-18 13:59 - 00000000 ____D C:\Users\ant\Desktop\Antivirus
2013-09-18 07:38 - 2013-09-18 07:38 - 00002884 _____ C:\Users\ant\Desktop\RKreport[0]_S_09182013_073830.txt
2013-09-18 07:36 - 2013-09-18 07:40 - 00000000 ____D C:\Users\ant\Desktop\RK_Quarantine
2013-09-18 07:25 - 2013-09-18 07:25 - 00002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-09-18 07:25 - 2013-09-18 07:25 - 00000000 ____D C:\Program Files\CCleaner
2013-09-17 17:49 - 2013-09-17 17:49 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-09-17 08:48 - 2013-09-17 08:48 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-17 08:45 - 2013-09-18 08:01 - 00000000 ____D C:\MGTools
2013-09-17 08:11 - 2013-09-17 08:11 - 00000000 ____D C:\Users\ant\Documents\Simply Super Software
2013-09-17 08:11 - 2013-09-17 08:11 - 00000000 ____D C:\Users\ant\AppData\Roaming\Simply Super Software
2013-09-17 08:11 - 2013-09-17 08:11 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-09-17 08:11 - 2013-09-17 08:11 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2013-09-16 17:53 - 2013-09-16 17:53 - 00000000 ____D C:\Users\ant\AppData\Roaming\Malwarebytes
2013-09-16 17:53 - 2013-09-16 17:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-16 17:53 - 2013-09-16 17:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-16 17:53 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-13 23:42 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 23:42 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 23:42 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-13 23:42 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 23:42 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 23:42 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 23:42 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 23:42 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 23:42 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 23:42 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 23:42 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-13 23:42 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-13 23:42 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-13 23:42 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-13 23:42 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-13 23:42 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-13 23:42 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 23:42 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-13 23:42 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-13 23:42 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-13 11:59 - 2013-09-13 11:59 - 01176256 _____ C:\Users\ant\Downloads\enigmail-1.5.2-tb+sm.xpi
2013-09-13 09:05 - 2013-09-13 12:20 - 00000000 ____D C:\Users\ant\AppData\Roaming\gnupg
2013-09-13 09:05 - 2013-09-13 09:05 - 00000000 ____D C:\Users\Public\Desktop\Gpg4win Documentation
2013-09-13 09:05 - 2013-09-13 09:05 - 00000000 ____D C:\ProgramData\GNU
2013-09-13 09:05 - 2013-09-13 09:05 - 00000000 ____D C:\Program Files (x86)\GNU
2013-09-13 08:52 - 2013-09-13 08:59 - 29690648 _____ (g10 Code GmbH) C:\Users\ant\Downloads\gpg4win-2.2.0.exe
2013-09-13 08:34 - 2013-09-13 08:35 - 00000000 ____D C:\Program Files (x86)\Tor Browser
2013-09-13 07:09 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 07:09 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-13 07:09 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-13 07:09 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-13 07:09 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-13 07:09 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-13 07:09 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-13 07:09 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-13 07:09 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-13 07:09 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-13 07:09 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-13 07:09 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-13 07:09 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-13 07:09 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-13 07:09 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-13 07:09 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-13 07:09 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-13 07:09 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-13 07:09 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-13 07:09 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-13 07:09 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-13 07:06 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-13 07:06 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-13 07:06 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-13 07:06 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-08-26 11:56 - 2013-08-26 11:56 - 00000000 ____D C:\Users\ant\AppData\Roaming\Cornelsen Schulverlage
2013-08-26 11:56 - 2013-08-26 11:56 - 00000000 ____D C:\Users\ant\AppData\Local\Cornelsen Schulverlage
2013-08-21 17:48 - 2013-08-21 17:48 - 00000000 ____D C:\Users\ant\AppData\Roaming\DirSync

==================== One Month Modified Files and Folders =======

2013-09-20 15:41 - 2013-09-20 15:41 - 00000000 ____D C:\FRST
2013-09-20 15:41 - 2013-09-19 07:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Free Download Manager
2013-09-20 15:40 - 2013-09-20 15:40 - 01950622 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2013-09-20 15:37 - 2013-09-20 15:37 - 00000488 _____ C:\Windows\SysWOW64\defogger_disable.log
2013-09-20 15:37 - 2013-09-20 15:37 - 00000000 _____ C:\Users\Administrator\defogger_reenable
2013-09-20 15:37 - 2013-09-18 15:46 - 00000000 ____D C:\Users\Administrator
2013-09-20 15:07 - 2012-04-20 06:25 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-20 14:59 - 2009-12-23 16:51 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-20 14:48 - 2013-09-18 15:47 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2013-09-20 14:35 - 2010-06-26 11:18 - 00000000 ____D C:\Program Files (x86)\ThreatFire
2013-09-20 14:31 - 2009-07-14 06:45 - 00014640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-20 14:31 - 2009-07-14 06:45 - 00014640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-20 14:29 - 2009-07-14 19:58 - 00696832 _____ C:\Windows\system32\perfh007.dat
2013-09-20 14:29 - 2009-07-14 19:58 - 00148128 _____ C:\Windows\system32\perfc007.dat
2013-09-20 14:29 - 2009-07-14 07:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-20 14:27 - 2009-12-22 20:39 - 01390466 _____ C:\Windows\WindowsUpdate.log
2013-09-20 14:25 - 2012-09-21 12:14 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-20 14:24 - 2013-09-20 14:24 - 00000022 _____ C:\Windows\S.dirmngr
2013-09-20 14:24 - 2013-09-18 08:38 - 00000896 _____ C:\Windows\setupact.log
2013-09-20 14:24 - 2013-03-21 08:24 - 00000008 _____ C:\Windows\mvraidver.dat
2013-09-20 14:24 - 2012-08-04 11:03 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-20 14:24 - 2009-12-23 07:47 - 00178112 _____ C:\Windows\za_mv_raid.ev
2013-09-20 14:24 - 2009-12-23 07:47 - 00000096 _____ C:\Windows\za_mv_seqnum.ev
2013-09-20 14:24 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-20 14:17 - 2013-09-18 08:38 - 00238292 _____ C:\Windows\PFRO.log
2013-09-20 14:10 - 2013-09-20 14:10 - 00032870 _____ C:\ComboFix.txt
2013-09-20 14:10 - 2013-09-18 08:19 - 00000000 ____D C:\Qoobox
2013-09-20 14:03 - 2011-04-17 11:01 - 00000000 ____D C:\Users\ant\AppData\Roaming\Dropbox
2013-09-20 14:03 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-20 14:01 - 2009-12-23 09:47 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-09-20 13:42 - 2013-09-18 08:17 - 05128554 ____R (Swearware) C:\Users\ant\Desktop\ComboFix.exe
2013-09-20 13:40 - 2013-05-18 10:16 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-09-20 13:39 - 2010-06-19 10:48 - 00000000 ____D C:\Users\ant\AppData\Roaming\Free Download Manager
2013-09-20 13:35 - 2013-09-20 13:20 - 00000000 ____D C:\Program Files (x86)\Exterminate It!
2013-09-20 13:20 - 2013-09-20 13:20 - 00001085 _____ C:\Users\Public\Desktop\Exterminate It!.lnk
2013-09-20 13:20 - 2013-09-20 13:20 - 00000000 ____D C:\Users\ant\AppData\Roaming\Curiolab
2013-09-20 08:14 - 2013-09-18 08:14 - 00000506 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task bbe22df2-2f56-4970-8fb3-49b775ae2d20.job
2013-09-20 06:57 - 2009-12-23 16:54 - 00000000 ____D C:\Users\ant\AppData\Local\Adobe
2013-09-19 11:25 - 2013-09-19 11:25 - 00001713 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-19 11:25 - 2013-09-19 11:25 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-19 11:25 - 2013-09-19 11:25 - 00000000 ____D C:\Program Files\iTunes
2013-09-19 11:25 - 2013-09-19 11:25 - 00000000 ____D C:\Program Files\iPod
2013-09-19 10:39 - 2009-12-22 20:40 - 00000000 ____D C:\Users\ant
2013-09-19 08:07 - 2009-12-23 06:41 - 00000000 ____D C:\Users\ant\Desktop\Applications
2013-09-19 08:03 - 2013-09-19 07:50 - 90013968 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\msert.exe
2013-09-19 07:10 - 2013-09-19 07:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2013-09-19 07:10 - 2013-09-18 15:47 - 00002255 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2013-09-19 07:05 - 2013-09-19 07:05 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple
2013-09-19 07:04 - 2013-09-19 07:04 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple Computer
2013-09-19 07:04 - 2013-09-18 15:48 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2013-09-18 17:07 - 2013-09-18 15:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-09-18 16:32 - 2013-09-18 16:32 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-09-18 15:53 - 2013-09-18 15:53 - 00000017 _____ C:\Users\Administrator\AppData\Local\resmon.resmoncfg
2013-09-18 15:48 - 2013-09-18 15:48 - 00003512 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Elise-Administrator
2013-09-18 15:48 - 2013-09-18 15:48 - 00000000 ____D C:\Users\Administrator\Documents\Simply Super Software
2013-09-18 15:48 - 2013-09-18 15:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\PFU
2013-09-18 15:47 - 2013-09-18 15:47 - 00065760 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-18 15:47 - 2013-09-18 15:47 - 00001381 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\PFU
2013-09-18 15:46 - 2013-09-18 15:46 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Vorlagen
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Startmenü
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Lokale Einstellungen
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Eigene Dateien
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Anwendungsdaten
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Anwendungsdaten
2013-09-18 14:23 - 2011-06-20 09:21 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2013-09-18 14:13 - 2013-09-18 14:13 - 00003496 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Elise-Admin
2013-09-18 14:13 - 2013-09-18 14:13 - 00000000 ____D C:\Users\Admin\Documents\Simply Super Software
2013-09-18 14:13 - 2013-09-18 14:13 - 00000000 ____D C:\Users\Admin\AppData\Roaming\PFU
2013-09-18 14:13 - 2013-09-18 14:13 - 00000000 ____D C:\Users\Admin\AppData\Local\PFU
2013-09-18 14:13 - 2011-06-20 09:21 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2013-09-18 14:13 - 2011-06-20 09:19 - 00065760 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-18 14:13 - 2011-06-20 09:19 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-18 14:13 - 2011-06-20 09:19 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-18 14:13 - 2011-06-20 09:19 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Apple Computer
2013-09-18 14:12 - 2013-09-18 14:12 - 00002259 _____ C:\Users\Admin\Desktop\Google Chrome.lnk
2013-09-18 14:12 - 2011-06-20 09:19 - 00001385 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-18 14:00 - 2009-12-23 07:13 - 00000000 ____D C:\Users\ant\AppData\Local\Apps\2.0
2013-09-18 13:59 - 2013-09-18 07:39 - 00000000 ____D C:\Users\ant\Desktop\Antivirus
2013-09-18 08:46 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-18 08:40 - 2013-09-18 08:19 - 00000000 ____D C:\Windows\erdnt
2013-09-18 08:38 - 2013-09-18 08:38 - 00000000 _____ C:\Windows\setuperr.log
2013-09-18 08:38 - 2013-09-18 08:14 - 00000506 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 98c8daec-c7f1-4f35-8815-a84410e367e8.job
2013-09-18 08:14 - 2013-09-18 08:14 - 00003574 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 98c8daec-c7f1-4f35-8815-a84410e367e8
2013-09-18 08:14 - 2013-09-18 08:14 - 00003500 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task bbe22df2-2f56-4970-8fb3-49b775ae2d20
2013-09-18 08:14 - 2013-09-18 08:14 - 00000000 ____D C:\Users\ant\AppData\Roaming\SUPERAntiSpyware.com
2013-09-18 08:14 - 2013-09-18 08:13 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-09-18 08:13 - 2013-09-18 08:13 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-09-18 08:01 - 2013-09-18 07:55 - 00232499 _____ C:\MGlogs.zip
2013-09-18 08:01 - 2013-09-17 08:45 - 00000000 ____D C:\MGTools
2013-09-18 07:47 - 2013-09-18 07:43 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-18 07:40 - 2013-09-18 07:36 - 00000000 ____D C:\Users\ant\Desktop\RK_Quarantine
2013-09-18 07:38 - 2013-09-18 07:38 - 00002884 _____ C:\Users\ant\Desktop\RKreport[0]_S_09182013_073830.txt
2013-09-18 07:28 - 2010-02-06 13:42 - 00000000 ____D C:\Users\ant\AppData\Roaming\FileZilla
2013-09-18 07:28 - 2009-12-23 06:43 - 00000000 ____D C:\Users\ant\AppData\Roaming\Skype
2013-09-18 07:27 - 2011-01-06 16:14 - 00000000 ___DC C:\Users\ant\AppData\Local\MigWiz
2013-09-18 07:27 - 2009-12-25 12:52 - 00000000 ____D C:\Windows\Minidump
2013-09-18 07:27 - 2009-12-22 20:33 - 00000000 ____D C:\Windows\Panther
2013-09-18 07:25 - 2013-09-18 07:25 - 00002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-09-18 07:25 - 2013-09-18 07:25 - 00000000 ____D C:\Program Files\CCleaner
2013-09-17 17:49 - 2013-09-17 17:49 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-09-17 08:48 - 2013-09-17 08:48 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-17 08:11 - 2013-09-17 08:11 - 00000000 ____D C:\Users\ant\Documents\Simply Super Software
2013-09-17 08:11 - 2013-09-17 08:11 - 00000000 ____D C:\Users\ant\AppData\Roaming\Simply Super Software
2013-09-17 08:11 - 2013-09-17 08:11 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-09-17 08:11 - 2013-09-17 08:11 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2013-09-16 17:53 - 2013-09-16 17:53 - 00000000 ____D C:\Users\ant\AppData\Roaming\Malwarebytes
2013-09-16 17:53 - 2013-09-16 17:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-16 17:53 - 2013-09-16 17:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-16 17:46 - 2009-12-26 11:14 - 00007626 _____ C:\Users\ant\AppData\Local\resmon.resmoncfg
2013-09-14 14:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-14 11:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-14 09:44 - 2010-01-10 10:51 - 00000000 ____D C:\Program Files (x86)\DirSync
2013-09-14 08:36 - 2009-12-22 20:40 - 00000000 ___RD C:\Users\ant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-14 08:36 - 2009-12-22 20:40 - 00000000 ___RD C:\Users\ant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-14 08:36 - 2009-07-14 06:45 - 04925808 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 23:42 - 2013-08-15 22:34 - 00000000 ____D C:\Windows\system32\MRT
2013-09-13 23:41 - 2009-12-25 13:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 23:41 - 2009-12-22 21:22 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-13 12:20 - 2013-09-13 09:05 - 00000000 ____D C:\Users\ant\AppData\Roaming\gnupg
2013-09-13 11:59 - 2013-09-13 11:59 - 01176256 _____ C:\Users\ant\Downloads\enigmail-1.5.2-tb+sm.xpi
2013-09-13 09:05 - 2013-09-13 09:05 - 00000000 ____D C:\Users\Public\Desktop\Gpg4win Documentation
2013-09-13 09:05 - 2013-09-13 09:05 - 00000000 ____D C:\ProgramData\GNU
2013-09-13 09:05 - 2013-09-13 09:05 - 00000000 ____D C:\Program Files (x86)\GNU
2013-09-13 08:59 - 2013-09-13 08:52 - 29690648 _____ (g10 Code GmbH) C:\Users\ant\Downloads\gpg4win-2.2.0.exe
2013-09-13 08:35 - 2013-09-13 08:34 - 00000000 ____D C:\Program Files (x86)\Tor Browser
2013-09-13 08:09 - 2012-04-20 07:08 - 17160072 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-09-13 08:09 - 2012-04-20 06:25 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-13 08:09 - 2012-04-20 06:25 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-13 08:09 - 2011-05-20 07:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-01 10:29 - 2013-03-01 13:42 - 00000021 _____ C:\Windows\SurCode.INI
2013-09-01 09:11 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-31 15:12 - 2010-10-09 14:49 - 00000000 ____D C:\Program Files (x86)\ELOoffice
2013-08-30 09:25 - 2013-08-07 17:55 - 00001301 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2013-08-26 18:19 - 2011-01-28 08:37 - 00001912 _____ C:\Windows\epplauncher.mif
2013-08-26 18:18 - 2011-01-28 08:37 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-26 18:18 - 2011-01-28 08:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-08-26 11:56 - 2013-08-26 11:56 - 00000000 ____D C:\Users\ant\AppData\Roaming\Cornelsen Schulverlage
2013-08-26 11:56 - 2013-08-26 11:56 - 00000000 ____D C:\Users\ant\AppData\Local\Cornelsen Schulverlage
2013-08-26 09:49 - 2013-12-24 10:30 - 00000000 ____D C:\Program Files\Adobe
2013-08-21 17:48 - 2013-08-21 17:48 - 00000000 ____D C:\Users\ant\AppData\Roaming\DirSync
2013-08-21 14:24 - 2011-04-17 11:03 - 00000000 ____D C:\Users\ant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-08-21 08:39 - 2012-05-02 07:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-13 13:21

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-09-2013 01
Ran by Administrator at 2013-09-20 15:42:57
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
7-Zip 4.65 (x64 edition) (Version: 4.65.00.0)
ABBYY FineReader for ScanSnap (TM) 4.1 (x32 Version: 8.02.650.72520)
Actions Server (x32 Version: 1.0.2)
Adobe Acrobat XI Pro (x32 Version: 11.0)
Adobe Acrobat XI Pro (x32 Version: 11.0.04)
Adobe After Effects CS6 (x32 Version: 11.0.2)
Adobe AIR (x32 Version: 3.7.0.1860)
Adobe Creative Cloud (x32 Version: 2.1.1.220)
Adobe Digital Editions (x32)
Adobe Download Assistant (x32 Version: 1.0.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.174)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Lens Profile Downloader (x32 Version: 1.0.1)
Adobe Media Player (x32 Version: 1.8)
Adobe PDF iFilter 9 for 64-bit platforms (Version: 9.0.0)
Adobe Photoshop CS5 (x32 Version: 12.0)
Adobe Photoshop CS6 (x32 Version: 13.0)
Adobe Photoshop Lightroom 2.6 64-bit (Version: 2.6.1)
Adobe Photoshop Lightroom 3 64-bit (Version: 3.0.2)
Adobe Photoshop Lightroom 4.3 64-bit (Version: 4.3.1)
Adobe Prelude CS6 (x32 Version: 1.0.3)
Adobe Premiere Pro CS6 (x32 Version: 6.0)
Adobe Reader X (10.1.8) - Deutsch (x32 Version: 10.1.8)
Adobe Support Advisor (x32 Version: 1.6.0)
Adobe Support Advisor (x32 Version: 1.6.0.20110516)
Amazon MP3-Downloader 1.0.9 (x32)
Anno 1404 (x32 Version: 1.00.0000)
ANNO 1404 (x32 Version: 1.03.0000)
AnyDVD (x32 Version: 6.7.8.0)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
bl (x32 Version: 1.0.0)
Bonjour (Version: 3.0.0.10)
Bonjour-Druckdienste (Version: 2.0.2.0)
calibre (x32 Version: 0.8.68)
Canon IJ Network Scan Utility (x32)
Canon IJ Network Tool (x32)
Canon MP640 series MP Drivers
Canon Utilities EOS Utility (x32 Version: 2.10.2.0)
CardMinder (x32 Version: V4.1L40)
CardMinder V4.1 (x32 Version: 4.1.40.1)
Catan Online Welt (x32 Version: 3.576)
CCleaner (Version: 4.05)
CPUID CPU-Z 1.53.1
DeepSkyStacker (x32 Version: 3.2.0)
DirSync  2.96 (x32)
EasyGPS 4.18 (x32 Version: 4.18)
ELO Pdf Drucker (x32 Version: 6.0)
ELOoffice (x32 Version: 9.0)
ElsterFormular-Upgrade (x32 Version: 14.1.11318)
ESET Online Scanner v3 (x32)
Evernote v. 4.6.7 (x32 Version: 4.6.7.8409)
Exterminate It! (x32 Version: 2.12.09.18)
fc prints order (x32)
FileZilla Client 3.6.0.2 (x32 Version: 3.6.0.2)
Free Download Manager 3.9.2 (x32)
Futuremark SystemInfo (x32 Version: 3.20.3.1)
Garmin Communicator Plugin (x32 Version: 2.9.2)
Garmin Training Center (x32 Version: 3.5.3)
Garmin Training Center (x32 Version: 3.6.3)
Garmin USB Drivers (x32 Version: 2.3.0.0)
Garmin WebUpdater (x32 Version: 2.5.1)
Gigabyte Raid Cinfigurer (x32 Version: 1.00.0001)
Google Chrome (x32 Version: 29.0.1547.76)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
Gpg4win (2.2.0) (x32 Version: 2.2.0)
GPSBabel 1.4.2 (x32)
HandBrake 0.9.6 (x32 Version: 0.9.6)
iCloud (Version: 3.0.2.163)
Intel® Solid-State Drive Toolbox (x32 Version: 1.20.000)
iTunes (Version: 11.1.0.126)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
JDownloader (x32)
Logitech Harmony Remote Software (x32 Version: 1.0.110307)
LRTimelapse 2 (x32 Version: 2.3.1)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mares DRAK (x32 Version: 1.5.0)
Marvell MRU V4 (x32 Version: 4.1.0.1515)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
Mozilla Thunderbird 17.0.6 (x86 de) (x32 Version: 17.0.6)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nik Collection (x32 Version: 1.0.0.7)
Notepad++ (x32 Version: 6.2.3)
NVIDIA 3D Vision Controller-Treiber 296.88 (Version: 296.88)
NVIDIA 3D Vision Treiber 306.97 (Version: 306.97)
NVIDIA Grafiktreiber 306.97 (Version: 306.97)
NVIDIA HD-Audiotreiber 1.3.12.0 (Version: 1.3.12.0)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA nView 136.53 (Version: 136.53)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.0697)
NVIDIA Systemsteuerung 306.97 (Version: 306.97)
Oracle VM VirtualBox 4.1.12 (Version: 4.1.12)
PDF Settings CS5 (x32 Version: 10.0)
PDF Settings CS6 (x32 Version: 11.0)
PDF-XChange Viewer (Version: 2.0.46.0)
ph (x32 Version: 1.0.0)
Printer Pro Desktop (x32)
Python 2.7 (x32 Version: 2.7.150)
Python 2.7 pycrypto-2.1.0 (x32)
QuickTime (x32 Version: 7.74.80.86)
Radio.fx (x32)
Realtek Ethernet Controller Driver For Windows Vista and Later (x32 Version: 1.00.0009)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0)
Retrospect Express HD 2.0 (x32 Version: 2.00.214)
ScanSnap (x32 Version: 5.1.41.1)
ScanSnap (x32 Version: 5.1.62.2)
ScanSnap Manager (x32 Version: V5.1L62)
ScanSnap Organizer (x32 Version: 4.1.41.1)
ScanSnap Organizer (x32 Version: 4.1.61.1)
ScanSnap Organizer (x32 Version: V4.1L61)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (x32)
Skype™ 5.10 (x32 Version: 5.10.116)
SMPlayer 0.6.8 (x32 Version: 0.6.8)
SpeedFan (remove only) (x32)
StorageCraft ShadowControl ImageManager (x32 Version: 5.0.5)
StorageCraft ShadowProtect (x32 Version: 4.2.7.19756)
SUPERAntiSpyware (Version: 5.6.1032)
ThreatFire (x32)
TightVNC (Version: 2.6.4.0)
Trojan Remover 6.8.8 (x32 Version: 6.8.8)
TrueCrypt (x32 Version: 7.1a)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
XviD v1.2.0 CVS

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-09-20 14:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {2BF2D228-B633-4246-975A-0D8CC74FD208} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2DC4641B-3B6E-4525-8650-40D38A45D73E} - System32\Tasks\AdobeAAMUpdater-1.0-Elise-Admin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {3AD2A025-79AC-4604-BC01-50FE4FDF997F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-23] (Google Inc.)
Task: {4A0B0DC9-AC76-40B5-8558-4AA55D2DF2CA} - System32\Tasks\{02EAD88E-0E46-40FD-8F18-F933078C92C5} => C:\Program Files (x86)\LRTimelapse\LRTimelapse.exe [2012-05-17] ()
Task: {5D60FE41-9C5E-4B61-BC48-FDCB7712A205} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {64C218A7-9CBB-42A8-BFD0-E2E9927CB2CB} - System32\Tasks\SUPERAntiSpyware Scheduled Task 98c8daec-c7f1-4f35-8815-a84410e367e8 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-05-23] (SUPERAdBlocker.com)
Task: {737295E6-1924-4F8F-8387-632352DC9637} - System32\Tasks\AdobeAAMUpdater-1.0-Elise-Administrator => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {7F4A9003-E2A7-4AA7-96D4-94E38BCEA6A4} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {81B6BF05-ACD8-43C1-84CA-8F5173E4387C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-23] (Google Inc.)
Task: {86042A5D-FE8D-4C91-AADF-89DA5073451B} - System32\Tasks\SUPERAntiSpyware Scheduled Task bbe22df2-2f56-4970-8fb3-49b775ae2d20 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-05-23] (SUPERAdBlocker.com)
Task: {9A5FC6C4-E74F-4D6B-A8C1-B404C02D67FC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-20] (Microsoft Corporation)
Task: {A5FF46AD-6A0F-49D1-8BD8-8ADC21A08F14} - System32\Tasks\AdobeAAMUpdater-1.0-Elise-ant => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {A6F457AB-E351-41FA-B0E8-C8E5F6CE91B1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-13] (Adobe Systems Incorporated)
Task: {BB94F500-4EBD-4AAE-90F7-831B1AFE7E5A} - \User_Feed_Synchronization-{B608800B-858F-4E95-99A8-587AD43ACEB2} No Task File
Task: {CCE7CA5E-C9CB-45C9-8614-701301E4E2C5} - System32\Tasks\Monitor Profil Laden => C:\Program Files (x86)\Quato\iColorDisplay\QuatoCalibrationLoader.exe [2007-10-01] (Quato)
Task: {D1B326AF-4882-4E9F-B6EA-0F289A7DA04B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 98c8daec-c7f1-4f35-8815-a84410e367e8.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task bbe22df2-2f56-4970-8fb3-49b775ae2d20.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2013-08-17 00:32 - 2013-08-17 00:32 - 03357040 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-08-15 15:57 - 2012-02-01 11:39 - 00344576 _____ (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\x64\SSFolder.DLL
2010-06-26 11:18 - 2010-01-14 16:08 - 00460048 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFWAH.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00053024 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2011-08-30 23:05 - 2011-08-30 23:05 - 00085864 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-20 11:59 - 2013-08-20 11:59 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2013-08-20 11:56 - 2013-08-20 11:56 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2013-08-20 11:54 - 2013-08-20 11:54 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2013-08-20 11:58 - 2013-08-20 11:58 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2013-08-20 11:59 - 2013-08-20 11:59 - 00628224 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
2009-04-09 02:38 - 2009-04-09 02:38 - 00073782 _____ () C:\Program Files (x86)\Marvell\raid\Apache2\bin\zlib1.dll
2009-04-09 02:39 - 2009-04-09 02:39 - 00036932 _____ (The PHP Group) C:\Program Files (x86)\Marvell\raid\php5\php5apache2_2.dll
2009-04-09 02:39 - 2009-04-09 02:39 - 04874301 _____ (The PHP Group) C:\Program Files (x86)\Marvell\raid\php5\php5ts.dll
2009-04-09 02:39 - 2009-04-09 02:39 - 00045122 _____ (The PHP Group) C:\Program Files (x86)\Marvell\raid\php5\ext\php_gettext.dll
2009-04-09 02:39 - 2009-04-09 02:39 - 00065602 _____ (The PHP Group) C:\Program Files (x86)\Marvell\raid\php5\ext\php_openssl.dll
2009-10-05 20:01 - 2009-10-05 20:01 - 00053248 _____ (ZApps) C:\Program Files (x86)\Marvell\raid\php5\ext\php_zraidapi.dll
2012-03-29 13:54 - 2012-03-29 13:54 - 00072488 _____ (StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.Server.dll
2012-01-25 11:47 - 2012-01-25 11:47 - 01615360 _____ (Enterprise Distributed Technologies) C:\Program Files (x86)\StorageCraft\ImageManager\edtFTPnetPRO.dll
2012-03-29 13:54 - 2012-03-29 13:54 - 00019752 _____ (StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ImageManager\de\ImageManager.resources.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2012-03-29 13:53 - 2012-03-29 13:53 - 00141608 _____ (StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ImageManager\sbimageapi.dll
2010-06-26 11:18 - 2010-01-14 16:08 - 00058640 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFServer.dll
2010-06-26 11:18 - 2010-01-14 16:07 - 00873744 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFE.dll
2010-06-26 11:18 - 2010-01-14 16:08 - 00045840 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFMon.dll
2010-06-26 11:18 - 2010-01-14 16:08 - 00107792 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFRK.dll
2010-06-26 11:18 - 2010-01-14 16:08 - 00028944 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFMisc.dll
2010-06-26 11:18 - 2010-01-14 16:08 - 00062736 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFLog.dll
2010-06-26 11:18 - 2010-01-14 16:08 - 00058640 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFUndo.dll
2010-06-26 11:18 - 2010-01-14 16:08 - 00423184 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFSF.dll
2010-06-26 11:18 - 2010-01-14 16:08 - 00353552 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFQT.dll
2010-06-26 11:18 - 2010-01-14 16:08 - 00161040 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFScan.dll
2010-06-26 11:18 - 2010-01-14 16:07 - 00066832 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFDBM.dll
2010-06-26 11:18 - 2010-01-14 16:08 - 00402704 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFTM.dll
2010-06-26 11:18 - 2010-01-14 16:08 - 00032528 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFO.dll
2010-06-26 11:18 - 2010-01-14 16:07 - 00099600 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFCR.dll
2010-06-26 11:18 - 2010-01-14 16:08 - 00144656 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFPA.dll
2010-06-26 11:18 - 2010-01-14 16:07 - 00044816 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFAPI.dll
2010-06-26 11:18 - 2010-01-14 16:08 - 00185616 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TFWS.dll
2012-11-08 10:07 - 2012-11-08 10:07 - 00026448 _____ (StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\STCSNAP.dll
2010-06-26 11:18 - 2010-01-14 16:08 - 00460048 _____ (PC Tools) C:\Program Files (x86)\ThreatFire\TfWah.dll
2013-08-15 14:57 - 2010-12-10 10:39 - 00033280 _____ (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardMsg.dll
2013-08-15 14:57 - 2008-05-09 22:56 - 00102400 _____ (PFU Limited.) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardCommon.dll
2013-08-15 14:57 - 2011-01-19 12:36 - 00147456 _____ (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardFinder.dll
2013-08-15 14:57 - 2011-01-19 12:34 - 00176128 _____ (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardWndCmmn.dll
2013-08-15 14:57 - 2011-01-19 12:34 - 00114688 _____ (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardData.dll
2013-08-15 14:57 - 2011-01-19 12:34 - 00077824 _____ (PFU Limited.) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardConfig.dll
2013-08-15 14:57 - 2008-11-12 15:32 - 00014848 _____ () C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardPath.dll
2013-08-15 14:57 - 2008-07-15 17:10 - 00081920 _____ (PFU Limited.) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardHook.dll
2013-08-15 14:57 - 2011-01-19 12:35 - 00053248 _____ (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardDialog.dll
2013-08-15 14:57 - 2008-09-10 13:04 - 00053248 _____ (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\0407\CardCommon0407.dll
2013-08-15 14:57 - 2011-02-09 19:08 - 00094208 _____ (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\0407\CardMsg0407.dll
2013-08-15 14:57 - 2008-09-10 13:04 - 00098304 _____ (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\0407\CardWndCmmn0407.dll
2013-08-15 14:57 - 2003-02-19 19:38 - 00176128 _____ (PFU) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\PGD_FILE\pgd_file.dll
2013-08-15 14:57 - 2008-09-10 13:04 - 00069632 _____ () C:\Program Files (x86)\PFU\ScanSnap\CardMinder\0407\CardConfig0407.dll
2013-08-15 14:57 - 2008-10-08 08:51 - 00065536 _____ (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\0407\CardDialog0407.dll
2013-08-15 14:57 - 2010-05-19 16:23 - 00122880 _____ (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\0407\CardFinder0407.dll
2013-08-15 14:57 - 2010-05-14 14:24 - 00073728 _____ (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\0407\CardLauncher0407.dll
2013-08-15 14:54 - 2012-01-18 16:35 - 00385024 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
2013-08-15 14:54 - 2011-12-14 21:49 - 00233472 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
2013-08-15 14:54 - 2011-12-21 13:20 - 00266240 _____ (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsCommon.dll
2013-08-15 14:54 - 2011-01-27 12:36 - 00315392 _____ (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsSvc.dll
2013-08-15 14:54 - 2008-11-27 19:23 - 00053248 _____ (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsOrgFolder.dll
2013-08-15 14:54 - 2012-01-18 17:07 - 00290816 _____ (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsQMSetting.dll
2013-08-15 14:54 - 2011-12-14 21:49 - 00258048 _____ (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsLaunchapp.dll
2013-08-15 14:54 - 2003-03-26 18:46 - 00135168 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2013-08-15 14:54 - 2008-02-28 19:36 - 01069056 _____ (PFU Limited) C:\Program Files (x86)\PFU\ScanSnap\Driver\SsIjl.dll
2013-08-15 14:54 - 2002-06-19 19:11 - 00516179 _____ (PFU) C:\Program Files (x86)\PFU\ScanSnap\Driver\pgd_file.dll
2013-08-15 14:54 - 2013-01-10 10:10 - 00442368 _____ (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon0407.dll
2013-08-15 14:54 - 2010-08-24 16:56 - 00167936 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
2013-08-15 14:54 - 2005-11-24 12:28 - 00188416 _____ (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\SignLib.dll
2013-08-15 14:54 - 2006-11-01 19:50 - 00054544 _____ (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PtsaaEIf.dll
2013-08-15 14:54 - 2008-07-03 18:02 - 00057344 _____ (PFU) C:\Program Files (x86)\PFU\ScanSnap\Driver\P2IROTAT.dll
2013-08-15 14:54 - 2011-03-17 13:52 - 00094208 _____ (PFU) C:\Program Files (x86)\PFU\ScanSnap\Driver\P2IMOCR.dll
2013-08-15 14:54 - 2008-11-08 13:44 - 00147456 _____ (PFU) C:\Program Files (x86)\PFU\ScanSnap\Driver\P2ICMUKIS.dll
2013-08-15 14:54 - 2008-07-04 09:28 - 00118784 _____ (PFU) C:\Program Files (x86)\PFU\ScanSnap\Driver\P2Igr2mo.dll
2013-08-15 14:53 - 2008-02-04 11:15 - 00065536 _____ (PFU) C:\Program Files (x86)\PFU\ScanSnap\Driver\P2Iscale.dll
2013-08-15 14:54 - 2008-01-18 14:20 - 00106496 _____ (PFU) C:\Program Files (x86)\PFU\ScanSnap\Driver\P2IJDGWP.dll
2013-08-15 14:54 - 2011-03-18 09:38 - 00249856 _____ (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\pfumkocr.dll
2013-08-15 14:54 - 2012-09-06 19:47 - 00458752 _____ (PFU) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsCtl.dll
2013-08-15 14:54 - 2002-02-25 18:00 - 00069632 _____ (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\IMGPROC2.dll
2013-08-15 14:54 - 2010-07-23 09:54 - 00823296 _____ (PFU Limited) C:\Program Files (x86)\PFU\ScanSnap\Driver\P2ICRPPR.dll
2013-08-15 14:54 - 2008-10-29 13:59 - 00053248 _____ (PFU) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsSRGB.dll
2013-08-15 14:54 - 2005-02-17 11:55 - 00069632 _____ (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\distortion.dll
2013-08-15 14:53 - 2011-07-05 09:28 - 02409736 _____ (ABBYY Software) C:\Program Files (x86)\Common Files\PFU\ScanSnap\OCR\ABBYY8\FREngine.dll
2013-08-15 14:53 - 2007-11-06 14:52 - 00398624 _____ (ABBYY (BIT Software)) C:\Program Files (x86)\Common Files\PFU\ScanSnap\OCR\ABBYY8\FineObj.dll
2013-08-15 14:53 - 2007-11-06 15:06 - 05326112 _____ (ABBYY Software) C:\Program Files (x86)\Common Files\PFU\ScanSnap\OCR\ABBYY8\LangInfo.dll
2013-08-15 14:53 - 2007-11-02 02:42 - 00214304 _____ (ABBYY (BIT Software)) C:\Program Files (x86)\Common Files\PFU\ScanSnap\OCR\ABBYY8\FineNet.dll
2010-02-16 18:09 - 2009-05-19 19:34 - 00019968 _____ (CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNSU_DEU.DLL
2010-11-17 03:52 - 2010-11-17 03:52 - 00096904 _____ (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Locale\de_DE\acrotray.deu
2013-08-19 22:12 - 2013-08-19 22:12 - 32726528 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2013-08-15 15:57 - 2012-01-16 18:19 - 00081920 _____ (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\S2OCmnU.dll
2013-08-15 15:57 - 2012-01-16 18:19 - 00010752 _____ (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\STOLogOut.dll
2013-08-15 15:58 - 2011-12-20 17:48 - 00626688 _____ (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\0407\SSFolderTray0407.dll
2013-03-13 13:42 - 2013-06-05 14:21 - 00255880 _____ (The cURL library, hxxp://curl.haxx.se/) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\libcurl.dll
2013-03-13 13:42 - 2013-06-05 14:21 - 00071560 _____ () C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll
2013-08-17 00:32 - 2013-08-17 00:32 - 00381808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CCInvokeAAM.dll
2012-11-08 10:08 - 2012-11-08 10:08 - 00046416 _____ (StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\SBSNAP.dll
2012-11-08 10:07 - 2012-11-08 10:07 - 00026448 _____ (StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\stcsnap.dll
2012-11-29 23:59 - 2012-11-29 23:59 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-09-20 14:28 - 2013-09-17 05:20 - 00709584 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\libglesv2.dll
2013-09-20 14:28 - 2013-09-17 05:20 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\libegl.dll
2013-09-20 14:28 - 2013-09-17 05:21 - 04053456 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll
2013-09-20 14:28 - 2013-09-17 05:21 - 00410576 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
2013-09-20 14:28 - 2013-09-17 05:20 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll
2013-09-20 14:28 - 2013-09-17 05:21 - 13611984 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll
2013-01-13 17:28 - 2013-01-11 18:21 - 00144896 _____ (FreeDownloadManager.org) C:\Program Files (x86)\Google\Chrome\Application\plugins\npfdm.dll
2010-06-19 10:48 - 2013-01-11 04:22 - 03547136 _____ () C:\Program Files (x86)\Free Download Manager\fdmbtsupp.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\Microsoft:asEhxsB3Of7jVfqT52guI
AlternateDataStreams: C:\ProgramData\Microsoft:lZipYPsMgURewehK0O3iyH
AlternateDataStreams: C:\ProgramData\Microsoft:Olfe3cgOFFrXwJ8TvvCfQ8Ur
AlternateDataStreams: C:\ProgramData\TEMP:618D0840
AlternateDataStreams: C:\ProgramData\TEMP:9453D700
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\Users\ant\AppData\Local\Temporary Internet Files:1g3FnQ4FkNUJoBwB1McI8vLU
AlternateDataStreams: C:\Users\ant\AppData\Local\Temporary Internet Files:azLVit7w43vaZpJ0hN5


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/20/2013 01:41:31 PM) (Source: Application Hang) (User: )
Description: Programm mbam.exe, Version 1.75.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1fc0

Startzeit: 01ceb5ef533ca3e8

Endzeit: 9

Anwendungspfad: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

Berichts-ID: 73025d63-21e9-11e3-b25a-00241dce6d02

Error: (09/20/2013 07:11:23 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/20/2013 06:49:45 AM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(04:1e:64:39:e7:08@fe80::61e:64ff:fe39:e708._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (09/19/2013 07:08:24 PM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(74:e1:b6:cc:e7:e1@fe80::76e1:b6ff:fecc:e7e1._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (09/19/2013 07:08:24 PM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(04:1e:64:39:e7:08@fe80::61e:64ff:fe39:e708._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (09/19/2013 07:05:06 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ApplePhotoStreams.exe, Version: 7.12.44.1, Zeitstempel: 0x516e136b
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0xe06d7363
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0x12e4
Startzeit der fehlerhaften Anwendung: 0xApplePhotoStreams.exe0
Pfad der fehlerhaften Anwendung: ApplePhotoStreams.exe1
Pfad des fehlerhaften Moduls: ApplePhotoStreams.exe2
Berichtskennung: ApplePhotoStreams.exe3

Error: (09/19/2013 10:39:33 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/19/2013 10:38:23 AM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(04:1e:64:39:e7:08@fe80::61e:64ff:fe39:e708._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (09/19/2013 10:22:16 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/19/2013 10:04:43 AM) (Source: ShadowProtectSvc) (User: NT-AUTORITÄT)
Description: Backup Status: failed
Image Datei: G:\Backup-Elise\C_VOL
Log Datei: C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\{B48C611B-A11B-4915-AE48-01A83E90B590}.txt
Startzeit: 19.09.2013 10:04:43
Modul: service
Code: 509
Nachricht: Kann nicht auf das Zielobjekt zugreifen


System errors:
=============
Error: (09/20/2013 02:23:16 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/20/2013 02:23:16 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/20/2013 02:23:16 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/20/2013 02:23:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/20/2013 02:23:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/20/2013 02:23:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/20/2013 02:23:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/20/2013 02:23:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/20/2013 02:23:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/20/2013 02:23:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-09-20 13:58:24.881
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-20 13:58:24.774
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-20 13:58:24.667
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-20 13:58:24.560
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-18 08:34:00.988
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-18 08:34:00.858
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 26%
Total physical RAM: 8183.24 MB
Available physical RAM: 6036.82 MB
Total Pagefile: 24565.43 MB
Available Pagefile: 21823.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive b: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive c: () (Fixed) (Total:148.95 GB) (Free:27.47 GB) NTFS
Drive d: (Main) (Fixed) (Total:1863.01 GB) (Free:184.73 GB) NTFS
Drive e: (Temp-3TB) (Fixed) (Total:2794.39 GB) (Free:2574.64 GB) NTFS
Drive g: (Backup1-3TB) (Fixed) (Total:2794.49 GB) (Free:804.48 GB) NTFS
Drive t: () (Fixed) (Total:465.76 GB) (Free:27.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2795 GB) (Disk ID: 00000000)

Partition: GPT Partition Type
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: F0702EB4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: F0702EA1)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 46FB7358)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 4.

==================== End Of Log ============================

littleant · 20.09.2013, 17:27

Weiter gehts

Gmer Teil 1

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-20 16:05:44
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-6 INTEL_SSDSA2M160G2GC rev.2CV102HD 149,05GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\uxldapoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544                                                                                               fffff80003df3000 86 bytes [00, 30, A3, 0A, 80, FA, FF, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 632                                                                                               fffff80003df3058 56 bytes [F0, 1E, 5F, 0A, 80, FA, FF, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                         00000000765e103d 6 bytes JMP 714f000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                         00000000765e1072 6 bytes JMP 7152000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!GetProcAddress                                         00000000765e1222 6 bytes JMP 710e000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!WriteFile                                              00000000765e1282 6 bytes JMP 7094000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!WideCharToMultiByte                                    00000000765e16dd 6 bytes JMP 7054000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!VirtualAlloc                                           00000000765e1826 6 bytes JMP 70cb000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!MultiByteToWideChar                                    00000000765e18fe 6 bytes JMP 7076000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!OpenProcess                                            00000000765e1956 6 bytes JMP 7045000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!DeviceIoControl                                        00000000765e31cf 6 bytes JMP 709d000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!CreateThread                                           00000000765e3475 6 bytes JMP 70ce000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!CreateFileW                                            00000000765e3efc 6 bytes JMP 70d8000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!CreateMutexW                                           00000000765e41ec 6 bytes JMP 707f000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW                                       00000000765e41f9 6 bytes JMP 7097000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!VirtualProtect                                         00000000765e42ff 6 bytes JMP 70c8000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!LoadLibraryW                                           00000000765e48cb 6 bytes JMP 715b000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                         00000000765e48fd 6 bytes JMP 716b000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                           00000000765e4977 6 bytes JMP 715e000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!CreateMutexA                                           00000000765e4c0b 6 bytes JMP 7082000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!OpenMutexW                                             00000000765e50f1 6 bytes JMP 7079000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!CreateFileA                                            00000000765e5366 6 bytes JMP 70d5000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!DeleteFileA                                            00000000765e53e4 6 bytes JMP 7067000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!LoadResource                                           00000000765e58ec 6 bytes JMP 70b3000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!TerminateThread                                        00000000765e79cf 6 bytes JMP 7135000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!DeleteFileW                                            00000000765e8953 6 bytes JMP 7064000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!MoveFileW                                              00000000765f9a90 6 bytes JMP 704e000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                            00000000765f9acd 6 bytes JMP 7048000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!GetVolumeInformationW                                  00000000765fc800 6 bytes JMP 7107000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!TerminateProcess                                       00000000765fd79a 6 bytes JMP 7164000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!WriteProcessMemory                                     00000000765fd978 6 bytes JMP 7161000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!OpenMutexA                                             00000000765fec07 6 bytes JMP 707c000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!CopyFileA                                              000000007660587d 6 bytes JMP 70b0000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!CopyFileW                                              00000000766082a5 6 bytes JMP 70ad000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!MoveFileExA                                            000000007660cc61 6 bytes JMP 704b000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!CreateDirectoryA                                       000000007660d4c6 6 bytes JMP 709a000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!DebugActiveProcess                                     00000000766580aa 6 bytes JMP 7132000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!MoveFileA                                              000000007665d8e9 6 bytes JMP 7051000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!CopyFileExA                                            000000007665ec29 6 bytes JMP 70aa000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!WinExec                                                0000000076662c51 6 bytes JMP 7140000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!CreateRemoteThread                                     000000007666419b 6 bytes JMP 716e000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!VirtualProtectEx                                       00000000766645ef 6 bytes JMP 7122000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!SetThreadContext                                       00000000766653c3 6 bytes JMP 7091000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerW                                         00000000754aca64 6 bytes JMP 70c2000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyA                                            00000000754acc15 6 bytes JMP 70f8000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyA                                          00000000754acd01 6 bytes JMP 70fe000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExA                                        00000000754b1469 6 bytes JMP 7104000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA                                         00000000754b14b3 6 bytes JMP 70ec000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW                                         00000000754b14d6 6 bytes JMP 70e9000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyW                                          00000000754b1514 6 bytes JMP 70fb000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyW                                            00000000754b2459 6 bytes JMP 70f5000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA                                         00000000754b2bd8 6 bytes JMP 70c5000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueA                                  00000000754b404a 6 bytes JMP 708b000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExW                                        00000000754b40fe 6 bytes JMP 7101000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\ADVAPI32.dll!AdjustTokenPrivileges                                  00000000754b418e 6 bytes JMP 7085000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueW                                  00000000754b41b3 6 bytes JMP 7088000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\ADVAPI32.dll!OpenProcessToken                                       00000000754b4304 6 bytes JMP 708e000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExW                                          00000000754b468d 6 bytes JMP 70ef000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExW                                       00000000754b46ad 6 bytes JMP 70db000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExA                                       00000000754b48ef 6 bytes JMP 70de000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA                                          00000000754b4907 6 bytes JMP 70f2000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                         00000000754c712c 6 bytes JMP 7118000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\ADVAPI32.dll!RegDeleteKeyA                                          00000000754ca8b7 6 bytes JMP 7061000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                         00000000754e3158 6 bytes JMP 711b000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                          0000000076f98a29 6 bytes JMP 706a000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                          0000000076f9d22e 6 bytes JMP 706d000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                          0000000076f9ee09 6 bytes JMP 7115000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!SetWindowTextW                                           0000000076fa20ec 6 bytes JMP 7057000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!DrawTextW                                                0000000076fa25cf 6 bytes JMP 7070000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!GetKeyState                                              0000000076fa291f 6 bytes JMP 712f000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                        0000000076fa7603 6 bytes JMP 7155000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!SetWindowTextA                                           0000000076fa7aee 6 bytes JMP 705a000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                        0000000076fa835c 6 bytes JMP 7158000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!DrawTextA                                                0000000076faaea1 6 bytes JMP 7073000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                         0000000076fbeb96 6 bytes JMP 712c000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!DdeConnect                                               0000000076fdeb7f 6 bytes JMP 7125000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\SHELL32.dll!ShellExecuteW                                           0000000075993c31 6 bytes JMP 7149000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW                                       00000000759a0171 6 bytes JMP 70a0000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW                                         00000000759a1df6 6 bytes JMP 7143000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\SHELL32.dll!ShellExecuteEx                                          0000000075bc748a 6 bytes JMP 7146000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\SHELL32.dll!ShellExecuteA                                           0000000075bc7525 6 bytes JMP 714c000a
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIcon                                        0000000075bc8f9e 6 bytes JMP 70a3000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                           00000000765e103d 6 bytes JMP 714f000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                           00000000765e1072 6 bytes JMP 7152000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!GetProcAddress                                                                           00000000765e1222 6 bytes JMP 710e000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!WriteFile                                                                                00000000765e1282 6 bytes JMP 7094000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!WideCharToMultiByte                                                                      00000000765e16dd 6 bytes JMP 7054000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!VirtualAlloc                                                                             00000000765e1826 6 bytes JMP 70cb000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!MultiByteToWideChar                                                                      00000000765e18fe 6 bytes JMP 7076000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!OpenProcess                                                                              00000000765e1956 6 bytes JMP 7045000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!DeviceIoControl                                                                          00000000765e31cf 6 bytes JMP 709d000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!CreateThread                                                                             00000000765e3475 6 bytes JMP 70ce000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!CreateFileW                                                                              00000000765e3efc 6 bytes JMP 70d8000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!CreateMutexW                                                                             00000000765e41ec 6 bytes JMP 707f000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW                                                                         00000000765e41f9 6 bytes JMP 7097000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!VirtualProtect                                                                           00000000765e42ff 6 bytes JMP 70c8000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!LoadLibraryW                                                                             00000000765e48cb 6 bytes JMP 715b000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                                                           00000000765e48fd 6 bytes JMP 716b000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                                                             00000000765e4977 6 bytes JMP 715e000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!CreateMutexA                                                                             00000000765e4c0b 6 bytes JMP 7082000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!OpenMutexW                                                                               00000000765e50f1 6 bytes JMP 7079000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!CreateFileA                                                                              00000000765e5366 6 bytes JMP 70d5000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!DeleteFileA                                                                              00000000765e53e4 6 bytes JMP 7067000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!LoadResource                                                                             00000000765e58ec 6 bytes JMP 70b3000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!TerminateThread                                                                          00000000765e79cf 6 bytes JMP 7135000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!DeleteFileW                                                                              00000000765e8953 6 bytes JMP 7064000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!MoveFileW                                                                                00000000765f9a90 6 bytes JMP 704e000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                                                              00000000765f9acd 6 bytes JMP 7048000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!GetVolumeInformationW                                                                    00000000765fc800 6 bytes JMP 7107000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!TerminateProcess                                                                         00000000765fd79a 6 bytes JMP 7164000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!WriteProcessMemory                                                                       00000000765fd978 6 bytes JMP 7161000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!OpenMutexA                                                                               00000000765fec07 6 bytes JMP 707c000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!CopyFileA                                                                                000000007660587d 6 bytes JMP 70b0000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!CopyFileW                                                                                00000000766082a5 6 bytes JMP 70ad000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!MoveFileExA                                                                              000000007660cc61 6 bytes JMP 704b000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!CreateDirectoryA                                                                         000000007660d4c6 6 bytes JMP 709a000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!DebugActiveProcess                                                                       00000000766580aa 6 bytes JMP 7132000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!MoveFileA                                                                                000000007665d8e9 6 bytes JMP 7051000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!CopyFileExA                                                                              000000007665ec29 6 bytes JMP 70aa000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!WinExec                                                                                  0000000076662c51 6 bytes JMP 7140000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!CreateRemoteThread                                                                       000000007666419b 6 bytes JMP 716e000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!VirtualProtectEx                                                                         00000000766645ef 6 bytes JMP 7122000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\kernel32.dll!SetThreadContext                                                                         00000000766653c3 6 bytes JMP 7091000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                            0000000076f98a29 6 bytes JMP 706a000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                                                            0000000076f9d22e 6 bytes JMP 706d000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                            0000000076f9ee09 6 bytes JMP 7115000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\USER32.dll!SetWindowTextW                                                                             0000000076fa20ec 6 bytes JMP 7057000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\USER32.dll!DrawTextW                                                                                  0000000076fa25cf 6 bytes JMP 7070000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                                0000000076fa291f 6 bytes JMP 712f000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                          0000000076fa7603 6 bytes JMP 7155000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\USER32.dll!SetWindowTextA                                                                             0000000076fa7aee 6 bytes JMP 705a000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                          0000000076fa835c 6 bytes JMP 7158000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\USER32.dll!DrawTextA                                                                                  0000000076faaea1 6 bytes JMP 7073000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                                           0000000076fbeb96 6 bytes JMP 712c000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\USER32.dll!DdeConnect                                                                                 0000000076fdeb7f 6 bytes JMP 7125000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerW                                                                           00000000754aca64 6 bytes JMP 70c2000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyA                                                                              00000000754acc15 6 bytes JMP 70f8000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyA                                                                            00000000754acd01 6 bytes JMP 70fe000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExA                                                                          00000000754b1469 6 bytes JMP 7104000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA                                                                           00000000754b14b3 6 bytes JMP 70ec000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW                                                                           00000000754b14d6 6 bytes JMP 70e9000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyW                                                                            00000000754b1514 6 bytes JMP 70fb000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyW                                                                              00000000754b2459 6 bytes JMP 70f5000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA                                                                           00000000754b2bd8 6 bytes JMP 70c5000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueA                                                                    00000000754b404a 6 bytes JMP 708b000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExW                                                                          00000000754b40fe 6 bytes JMP 7101000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\ADVAPI32.dll!AdjustTokenPrivileges                                                                    00000000754b418e 6 bytes JMP 7085000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueW                                                                    00000000754b41b3 6 bytes JMP 7088000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\ADVAPI32.dll!OpenProcessToken                                                                         00000000754b4304 6 bytes JMP 708e000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExW                                                                            00000000754b468d 6 bytes JMP 70ef000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExW                                                                         00000000754b46ad 6 bytes JMP 70db000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExA                                                                         00000000754b48ef 6 bytes JMP 70de000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA                                                                            00000000754b4907 6 bytes JMP 70f2000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                                           00000000754c712c 6 bytes JMP 7118000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\ADVAPI32.dll!RegDeleteKeyA                                                                            00000000754ca8b7 6 bytes JMP 7061000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                                           00000000754e3158 6 bytes JMP 711b000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\SHELL32.dll!ShellExecuteW                                                                             0000000075993c31 6 bytes JMP 7149000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW                                                                         00000000759a0171 6 bytes JMP 70a0000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW                                                                           00000000759a1df6 6 bytes JMP 7143000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\SHELL32.dll!ShellExecuteEx                                                                            0000000075bc748a 6 bytes JMP 7146000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\SHELL32.dll!ShellExecuteA                                                                             0000000075bc7525 6 bytes JMP 714c000a
.text     C:\Windows\SysWOW64\brsvc01a.exe[1632] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIcon                                                                          0000000075bc8f9e 6 bytes JMP 70a3000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                               00000000765e103d 6 bytes JMP 714f000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                               00000000765e1072 6 bytes JMP 7152000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!GetProcAddress                                               00000000765e1222 6 bytes JMP 710e000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!WriteFile                                                    00000000765e1282 6 bytes JMP 7094000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!WideCharToMultiByte                                          00000000765e16dd 6 bytes JMP 7054000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!VirtualAlloc                                                 00000000765e1826 6 bytes JMP 70cb000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!MultiByteToWideChar                                          00000000765e18fe 6 bytes JMP 7076000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!OpenProcess                                                  00000000765e1956 6 bytes JMP 7045000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!DeviceIoControl                                              00000000765e31cf 6 bytes JMP 709d000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!CreateThread                                                 00000000765e3475 6 bytes JMP 70ce000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!CreateFileW                                                  00000000765e3efc 6 bytes JMP 70d8000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!CreateMutexW                                                 00000000765e41ec 6 bytes JMP 707f000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW                                             00000000765e41f9 6 bytes JMP 7097000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!VirtualProtect                                               00000000765e42ff 6 bytes JMP 70c8000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!LoadLibraryW                                                 00000000765e48cb 6 bytes JMP 715b000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                               00000000765e48fd 6 bytes JMP 716b000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                                 00000000765e4977 6 bytes JMP 715e000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!CreateMutexA                                                 00000000765e4c0b 6 bytes JMP 7082000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!OpenMutexW                                                   00000000765e50f1 6 bytes JMP 7079000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!CreateFileA                                                  00000000765e5366 6 bytes JMP 70d5000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!DeleteFileA                                                  00000000765e53e4 6 bytes JMP 7067000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!LoadResource                                                 00000000765e58ec 6 bytes JMP 70b3000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!TerminateThread                                              00000000765e79cf 6 bytes JMP 7135000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!DeleteFileW                                                  00000000765e8953 6 bytes JMP 7064000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!MoveFileW                                                    00000000765f9a90 6 bytes JMP 704e000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                                  00000000765f9acd 6 bytes JMP 7048000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!GetVolumeInformationW                                        00000000765fc800 6 bytes JMP 7107000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!TerminateProcess                                             00000000765fd79a 6 bytes JMP 7164000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!WriteProcessMemory                                           00000000765fd978 6 bytes JMP 7161000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!OpenMutexA                                                   00000000765fec07 6 bytes JMP 707c000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!CopyFileA                                                    000000007660587d 6 bytes JMP 70b0000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!CopyFileW                                                    00000000766082a5 6 bytes JMP 70ad000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!MoveFileExA                                                  000000007660cc61 6 bytes JMP 704b000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!CreateDirectoryA                                             000000007660d4c6 6 bytes JMP 709a000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!DebugActiveProcess                                           00000000766580aa 6 bytes JMP 7132000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!MoveFileA                                                    000000007665d8e9 6 bytes JMP 7051000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!CopyFileExA                                                  000000007665ec29 6 bytes JMP 70aa000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!WinExec                                                      0000000076662c51 6 bytes JMP 7140000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!CreateRemoteThread                                           000000007666419b 6 bytes JMP 716e000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!VirtualProtectEx                                             00000000766645ef 6 bytes JMP 7122000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!SetThreadContext                                             00000000766653c3 6 bytes JMP 7091000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                0000000076f98a29 6 bytes JMP 706a000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                                0000000076f9d22e 6 bytes JMP 706d000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                0000000076f9ee09 6 bytes JMP 7115000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!SetWindowTextW                                                 0000000076fa20ec 6 bytes JMP 7057000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!DrawTextW                                                      0000000076fa25cf 6 bytes JMP 7070000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!GetKeyState                                                    0000000076fa291f 6 bytes JMP 712f000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                              0000000076fa7603 6 bytes JMP 7155000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!SetWindowTextA                                                 0000000076fa7aee 6 bytes JMP 705a000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                              0000000076fa835c 6 bytes JMP 7158000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!DrawTextA                                                      0000000076faaea1 6 bytes JMP 7073000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                               0000000076fbeb96 6 bytes JMP 712c000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!DdeConnect                                                     0000000076fdeb7f 6 bytes JMP 7125000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerW                                               00000000754aca64 6 bytes JMP 70c2000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyA                                                  00000000754acc15 6 bytes JMP 70f8000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyA                                                00000000754acd01 6 bytes JMP 70fe000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExA                                              00000000754b1469 6 bytes JMP 7104000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA                                               00000000754b14b3 6 bytes JMP 70ec000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW                                               00000000754b14d6 6 bytes JMP 70e9000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyW                                                00000000754b1514 6 bytes JMP 70fb000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyW                                                  00000000754b2459 6 bytes JMP 70f5000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA                                               00000000754b2bd8 6 bytes JMP 70c5000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueA                                        00000000754b404a 6 bytes JMP 708b000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExW                                              00000000754b40fe 6 bytes JMP 7101000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\ADVAPI32.dll!AdjustTokenPrivileges                                        00000000754b418e 6 bytes JMP 7085000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueW                                        00000000754b41b3 6 bytes JMP 7088000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\ADVAPI32.dll!OpenProcessToken                                             00000000754b4304 6 bytes JMP 708e000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExW                                                00000000754b468d 6 bytes JMP 70ef000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExW                                             00000000754b46ad 6 bytes JMP 70db000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExA                                             00000000754b48ef 6 bytes JMP 70de000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA                                                00000000754b4907 6 bytes JMP 70f2000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                               00000000754c712c 6 bytes JMP 7118000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\ADVAPI32.dll!RegDeleteKeyA                                                00000000754ca8b7 6 bytes JMP 7061000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                               00000000754e3158 6 bytes JMP 711b000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\SHELL32.dll!ShellExecuteW                                                 0000000075993c31 6 bytes JMP 7149000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW                                             00000000759a0171 6 bytes JMP 70a0000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW                                               00000000759a1df6 6 bytes JMP 7143000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\SHELL32.dll!ShellExecuteEx                                                0000000075bc748a 6 bytes JMP 7146000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\SHELL32.dll!ShellExecuteA                                                 0000000075bc7525 6 bytes JMP 714c000a
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIcon                                              0000000075bc8f9e 6 bytes JMP 70a3000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!CreateProcessW               00000000765e103d 6 bytes JMP 714f000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!CreateProcessA               00000000765e1072 6 bytes JMP 7152000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!GetProcAddress               00000000765e1222 6 bytes JMP 710e000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!WriteFile                    00000000765e1282 6 bytes JMP 708e000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!WideCharToMultiByte          00000000765e16dd 6 bytes JMP 704e000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!VirtualAlloc                 00000000765e1826 6 bytes JMP 70cb000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!MultiByteToWideChar          00000000765e18fe 6 bytes JMP 7070000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!OpenProcess                  00000000765e1956 6 bytes JMP 703f000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!DeviceIoControl              00000000765e31cf 6 bytes JMP 709d000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!CreateThread                 00000000765e3475 6 bytes JMP 70ce000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!CreateFileW                  00000000765e3efc 6 bytes JMP 70d8000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!CreateMutexW                 00000000765e41ec 6 bytes JMP 7079000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW             00000000765e41f9 6 bytes JMP 7091000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!VirtualProtect               00000000765e42ff 6 bytes JMP 70c8000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!LoadLibraryW                 00000000765e48cb 6 bytes JMP 715b000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW               00000000765e48fd 6 bytes JMP 716b000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                 00000000765e4977 6 bytes JMP 715e000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!CreateMutexA                 00000000765e4c0b 6 bytes JMP 707c000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!OpenMutexW                   00000000765e50f1 6 bytes JMP 7073000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!CreateFileA                  00000000765e5366 6 bytes JMP 70d5000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!DeleteFileA                  00000000765e53e4 6 bytes JMP 7061000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!LoadResource                 00000000765e58ec 6 bytes JMP 70b3000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!TerminateThread              00000000765e79cf 6 bytes JMP 7135000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!DeleteFileW                  00000000765e8953 6 bytes JMP 705e000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!MoveFileW                    00000000765f9a90 6 bytes JMP 7048000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!MoveFileExW                  00000000765f9acd 6 bytes JMP 7042000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!GetVolumeInformationW        00000000765fc800 6 bytes JMP 7107000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!TerminateProcess             00000000765fd79a 6 bytes JMP 7164000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!WriteProcessMemory           00000000765fd978 6 bytes JMP 7161000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!OpenMutexA                   00000000765fec07 6 bytes JMP 7076000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!CopyFileA                    000000007660587d 6 bytes JMP 70b0000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!CopyFileW                    00000000766082a5 6 bytes JMP 70ad000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!MoveFileExA                  000000007660cc61 6 bytes JMP 7045000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!CreateDirectoryA             000000007660d4c6 6 bytes JMP 7094000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!DebugActiveProcess           00000000766580aa 6 bytes JMP 7132000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!MoveFileA                    000000007665d8e9 6 bytes JMP 704b000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!CopyFileExA                  000000007665ec29 6 bytes JMP 70aa000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!WinExec                      0000000076662c51 6 bytes JMP 7140000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!CreateRemoteThread           000000007666419b 6 bytes JMP 716e000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!VirtualProtectEx             00000000766645ef 6 bytes JMP 7122000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\kernel32.dll!SetThreadContext             00000000766653c3 6 bytes JMP 708b000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerW               00000000754aca64 6 bytes JMP 70c2000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyA                  00000000754acc15 6 bytes JMP 70f8000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyA                00000000754acd01 6 bytes JMP 70fe000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExA              00000000754b1469 6 bytes JMP 7104000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA               00000000754b14b3 6 bytes JMP 70ec000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW               00000000754b14d6 6 bytes JMP 70e9000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyW                00000000754b1514 6 bytes JMP 70fb000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyW                  00000000754b2459 6 bytes JMP 70f5000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA               00000000754b2bd8 6 bytes JMP 70c5000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueA        00000000754b404a 6 bytes JMP 7085000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExW              00000000754b40fe 6 bytes JMP 7101000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!AdjustTokenPrivileges        00000000754b418e 6 bytes JMP 707f000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueW        00000000754b41b3 6 bytes JMP 7082000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!OpenProcessToken             00000000754b4304 6 bytes JMP 7088000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExW                00000000754b468d 6 bytes JMP 70ef000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExW             00000000754b46ad 6 bytes JMP 70db000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExA             00000000754b48ef 6 bytes JMP 70de000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA                00000000754b4907 6 bytes JMP 70f2000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW               00000000754c712c 6 bytes JMP 7118000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!RegDeleteKeyA                00000000754ca8b7 6 bytes JMP 705b000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA               00000000754e3158 6 bytes JMP 711b000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\USER32.dll!CreateWindowExW                0000000076f98a29 6 bytes JMP 7064000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\USER32.dll!CreateWindowExA                0000000076f9d22e 6 bytes JMP 7067000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\USER32.dll!SetWinEventHook                0000000076f9ee09 6 bytes JMP 7115000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\USER32.dll!SetWindowTextW                 0000000076fa20ec 6 bytes JMP 7051000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\USER32.dll!DrawTextW                      0000000076fa25cf 6 bytes JMP 706a000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\USER32.dll!GetKeyState                    0000000076fa291f 6 bytes JMP 712f000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW              0000000076fa7603 6 bytes JMP 7155000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\USER32.dll!SetWindowTextA                 0000000076fa7aee 6 bytes JMP 7054000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA              0000000076fa835c 6 bytes JMP 7158000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\USER32.dll!DrawTextA                      0000000076faaea1 6 bytes JMP 706d000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState               0000000076fbeb96 6 bytes JMP 712c000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\USER32.dll!DdeConnect                     0000000076fdeb7f 6 bytes JMP 7125000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\SHELL32.dll!ShellExecuteW                 0000000075993c31 6 bytes JMP 7149000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW             00000000759a0171 6 bytes JMP 70a0000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW               00000000759a1df6 6 bytes JMP 7143000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\SHELL32.dll!ShellExecuteEx                0000000075bc748a 6 bytes JMP 7146000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\SHELL32.dll!ShellExecuteA                 0000000075bc7525 6 bytes JMP 714c000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIcon              0000000075bc8f9e 6 bytes JMP 70a3000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\WININET.dll!InternetOpenUrlA              000000007714d05f 6 bytes JMP 709a000a
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1968] C:\Windows\syswow64\WININET.dll!InternetOpenUrlW              000000007714dbf1 6 bytes JMP 7097000a

littleant · 20.09.2013, 17:32

Gmer Teil 2

Code:

ATTFilter

.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                               00000000765e103d 6 bytes JMP 714f000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                               00000000765e1072 6 bytes JMP 7152000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!GetProcAddress                                                               00000000765e1222 6 bytes JMP 710e000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!WriteFile                                                                    00000000765e1282 6 bytes JMP 7094000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!WideCharToMultiByte                                                          00000000765e16dd 6 bytes JMP 7054000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!VirtualAlloc                                                                 00000000765e1826 6 bytes JMP 70cb000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!MultiByteToWideChar                                                          00000000765e18fe 6 bytes JMP 7076000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!OpenProcess                                                                  00000000765e1956 6 bytes JMP 7045000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!DeviceIoControl                                                              00000000765e31cf 6 bytes JMP 709d000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!CreateThread                                                                 00000000765e3475 6 bytes JMP 70ce000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!CreateFileW                                                                  00000000765e3efc 6 bytes JMP 70d8000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!CreateMutexW                                                                 00000000765e41ec 6 bytes JMP 707f000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW                                                             00000000765e41f9 6 bytes JMP 7097000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!VirtualProtect                                                               00000000765e42ff 6 bytes JMP 70c8000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!LoadLibraryW                                                                 00000000765e48cb 6 bytes JMP 715b000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                                               00000000765e48fd 6 bytes JMP 716b000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                                                 00000000765e4977 6 bytes JMP 715e000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!CreateMutexA                                                                 00000000765e4c0b 6 bytes JMP 7082000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!OpenMutexW                                                                   00000000765e50f1 6 bytes JMP 7079000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!CreateFileA                                                                  00000000765e5366 6 bytes JMP 70d5000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!DeleteFileA                                                                  00000000765e53e4 6 bytes JMP 7067000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!LoadResource                                                                 00000000765e58ec 6 bytes JMP 70b3000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!TerminateThread                                                              00000000765e79cf 6 bytes JMP 7135000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!DeleteFileW                                                                  00000000765e8953 6 bytes JMP 7064000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!MoveFileW                                                                    00000000765f9a90 6 bytes JMP 704e000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                                                  00000000765f9acd 6 bytes JMP 7048000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!GetVolumeInformationW                                                        00000000765fc800 6 bytes JMP 7107000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!TerminateProcess                                                             00000000765fd79a 6 bytes JMP 7164000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!WriteProcessMemory                                                           00000000765fd978 6 bytes JMP 7161000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!OpenMutexA                                                                   00000000765fec07 6 bytes JMP 707c000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!CopyFileA                                                                    000000007660587d 6 bytes JMP 70b0000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!CopyFileW                                                                    00000000766082a5 6 bytes JMP 70ad000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!MoveFileExA                                                                  000000007660cc61 6 bytes JMP 704b000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!CreateDirectoryA                                                             000000007660d4c6 6 bytes JMP 709a000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!DebugActiveProcess                                                           00000000766580aa 6 bytes JMP 7132000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!MoveFileA                                                                    000000007665d8e9 6 bytes JMP 7051000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!CopyFileExA                                                                  000000007665ec29 6 bytes JMP 70aa000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!WinExec                                                                      0000000076662c51 6 bytes JMP 7140000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!CreateRemoteThread                                                           000000007666419b 6 bytes JMP 716e000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!VirtualProtectEx                                                             00000000766645ef 6 bytes JMP 7122000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\kernel32.dll!SetThreadContext                                                             00000000766653c3 6 bytes JMP 7091000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                0000000076f98a29 6 bytes JMP 706a000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                                                0000000076f9d22e 6 bytes JMP 706d000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                0000000076f9ee09 6 bytes JMP 7115000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\USER32.dll!SetWindowTextW                                                                 0000000076fa20ec 6 bytes JMP 7057000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\USER32.dll!DrawTextW                                                                      0000000076fa25cf 6 bytes JMP 7070000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                    0000000076fa291f 6 bytes JMP 712f000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                              0000000076fa7603 6 bytes JMP 7155000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\USER32.dll!SetWindowTextA                                                                 0000000076fa7aee 6 bytes JMP 705a000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                              0000000076fa835c 6 bytes JMP 7158000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\USER32.dll!DrawTextA                                                                      0000000076faaea1 6 bytes JMP 7073000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                               0000000076fbeb96 6 bytes JMP 712c000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\USER32.dll!DdeConnect                                                                     0000000076fdeb7f 6 bytes JMP 7125000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerW                                                               00000000754aca64 6 bytes JMP 70c2000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyA                                                                  00000000754acc15 6 bytes JMP 70f8000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyA                                                                00000000754acd01 6 bytes JMP 70fe000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExA                                                              00000000754b1469 6 bytes JMP 7104000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA                                                               00000000754b14b3 6 bytes JMP 70ec000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW                                                               00000000754b14d6 6 bytes JMP 70e9000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyW                                                                00000000754b1514 6 bytes JMP 70fb000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyW                                                                  00000000754b2459 6 bytes JMP 70f5000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA                                                               00000000754b2bd8 6 bytes JMP 70c5000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueA                                                        00000000754b404a 6 bytes JMP 708b000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExW                                                              00000000754b40fe 6 bytes JMP 7101000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\ADVAPI32.dll!AdjustTokenPrivileges                                                        00000000754b418e 6 bytes JMP 7085000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueW                                                        00000000754b41b3 6 bytes JMP 7088000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\ADVAPI32.dll!OpenProcessToken                                                             00000000754b4304 6 bytes JMP 708e000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExW                                                                00000000754b468d 6 bytes JMP 70ef000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExW                                                             00000000754b46ad 6 bytes JMP 70db000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExA                                                             00000000754b48ef 6 bytes JMP 70de000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA                                                                00000000754b4907 6 bytes JMP 70f2000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                               00000000754c712c 6 bytes JMP 7118000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\ADVAPI32.dll!RegDeleteKeyA                                                                00000000754ca8b7 6 bytes JMP 7061000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                               00000000754e3158 6 bytes JMP 711b000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\shell32.dll!ShellExecuteW                                                                 0000000075993c31 6 bytes JMP 7149000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\shell32.dll!Shell_NotifyIconW                                                             00000000759a0171 6 bytes JMP 70a0000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\shell32.dll!ShellExecuteExW                                                               00000000759a1df6 6 bytes JMP 7143000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\shell32.dll!ShellExecuteEx                                                                0000000075bc748a 6 bytes JMP 7146000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\shell32.dll!ShellExecuteA                                                                 0000000075bc7525 6 bytes JMP 714c000a
.text     C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1152] C:\Windows\syswow64\shell32.dll!Shell_NotifyIcon                                                              0000000075bc8f9e 6 bytes JMP 70a3000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                          00000000765e103d 6 bytes JMP 714f000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                          00000000765e1072 6 bytes JMP 7152000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!GetProcAddress                                                                          00000000765e1222 6 bytes JMP 710e000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!WriteFile                                                                               00000000765e1282 6 bytes JMP 708e000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!WideCharToMultiByte                                                                     00000000765e16dd 6 bytes JMP 704e000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!VirtualAlloc                                                                            00000000765e1826 6 bytes JMP 70cb000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!MultiByteToWideChar                                                                     00000000765e18fe 6 bytes JMP 7070000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!OpenProcess                                                                             00000000765e1956 6 bytes JMP 703f000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!DeviceIoControl                                                                         00000000765e31cf 6 bytes JMP 709d000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!CreateThread                                                                            00000000765e3475 6 bytes JMP 70ce000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!CreateFileW                                                                             00000000765e3efc 6 bytes JMP 70d8000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!CreateMutexW                                                                            00000000765e41ec 6 bytes JMP 7079000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW                                                                        00000000765e41f9 6 bytes JMP 7091000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!VirtualProtect                                                                          00000000765e42ff 6 bytes JMP 70c8000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!LoadLibraryW                                                                            00000000765e48cb 6 bytes JMP 715b000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                                                          00000000765e48fd 6 bytes JMP 716b000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                                                            00000000765e4977 6 bytes JMP 715e000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!CreateMutexA                                                                            00000000765e4c0b 6 bytes JMP 707c000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!OpenMutexW                                                                              00000000765e50f1 6 bytes JMP 7073000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!CreateFileA                                                                             00000000765e5366 6 bytes JMP 70d5000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!DeleteFileA                                                                             00000000765e53e4 6 bytes JMP 7061000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!LoadResource                                                                            00000000765e58ec 6 bytes JMP 70b3000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!TerminateThread                                                                         00000000765e79cf 6 bytes JMP 7135000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!DeleteFileW                                                                             00000000765e8953 6 bytes JMP 705e000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!MoveFileW                                                                               00000000765f9a90 6 bytes JMP 7048000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                                                             00000000765f9acd 6 bytes JMP 7042000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!GetVolumeInformationW                                                                   00000000765fc800 6 bytes JMP 7107000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!TerminateProcess                                                                        00000000765fd79a 6 bytes JMP 7164000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!WriteProcessMemory                                                                      00000000765fd978 6 bytes JMP 7161000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!OpenMutexA                                                                              00000000765fec07 6 bytes JMP 7076000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!CopyFileA                                                                               000000007660587d 6 bytes JMP 70b0000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!CopyFileW                                                                               00000000766082a5 6 bytes JMP 70ad000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!MoveFileExA                                                                             000000007660cc61 6 bytes JMP 7045000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!CreateDirectoryA                                                                        000000007660d4c6 6 bytes JMP 7094000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!DebugActiveProcess                                                                      00000000766580aa 6 bytes JMP 7132000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!MoveFileA                                                                               000000007665d8e9 6 bytes JMP 704b000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!CopyFileExA                                                                             000000007665ec29 6 bytes JMP 70aa000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!WinExec                                                                                 0000000076662c51 6 bytes JMP 7140000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!CreateRemoteThread                                                                      000000007666419b 6 bytes JMP 716e000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!VirtualProtectEx                                                                        00000000766645ef 6 bytes JMP 7122000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\kernel32.dll!SetThreadContext                                                                        00000000766653c3 6 bytes JMP 708b000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                           0000000076f98a29 6 bytes JMP 7064000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                                                           0000000076f9d22e 6 bytes JMP 7067000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                           0000000076f9ee09 6 bytes JMP 7115000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\USER32.dll!SetWindowTextW                                                                            0000000076fa20ec 6 bytes JMP 7051000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\USER32.dll!DrawTextW                                                                                 0000000076fa25cf 6 bytes JMP 706a000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                               0000000076fa291f 6 bytes JMP 712f000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                         0000000076fa7603 6 bytes JMP 7155000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\USER32.dll!SetWindowTextA                                                                            0000000076fa7aee 6 bytes JMP 7054000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                         0000000076fa835c 6 bytes JMP 7158000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\USER32.dll!DrawTextA                                                                                 0000000076faaea1 6 bytes JMP 706d000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                                          0000000076fbeb96 6 bytes JMP 712c000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\USER32.dll!DdeConnect                                                                                0000000076fdeb7f 6 bytes JMP 7125000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerW                                                                          00000000754aca64 6 bytes JMP 70c2000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyA                                                                             00000000754acc15 6 bytes JMP 70f8000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyA                                                                           00000000754acd01 6 bytes JMP 70fe000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExA                                                                         00000000754b1469 6 bytes JMP 7104000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA                                                                          00000000754b14b3 6 bytes JMP 70ec000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW                                                                          00000000754b14d6 6 bytes JMP 70e9000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyW                                                                           00000000754b1514 6 bytes JMP 70fb000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyW                                                                             00000000754b2459 6 bytes JMP 70f5000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA                                                                          00000000754b2bd8 6 bytes JMP 70c5000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueA                                                                   00000000754b404a 6 bytes JMP 7085000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExW                                                                         00000000754b40fe 6 bytes JMP 7101000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\ADVAPI32.dll!AdjustTokenPrivileges                                                                   00000000754b418e 6 bytes JMP 707f000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueW                                                                   00000000754b41b3 6 bytes JMP 7082000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\ADVAPI32.dll!OpenProcessToken                                                                        00000000754b4304 6 bytes JMP 7088000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExW                                                                           00000000754b468d 6 bytes JMP 70ef000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExW                                                                        00000000754b46ad 6 bytes JMP 70db000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExA                                                                        00000000754b48ef 6 bytes JMP 70de000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA                                                                           00000000754b4907 6 bytes JMP 70f2000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                                          00000000754c712c 6 bytes JMP 7118000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\ADVAPI32.dll!RegDeleteKeyA                                                                           00000000754ca8b7 6 bytes JMP 705b000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                                          00000000754e3158 6 bytes JMP 711b000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\SHELL32.dll!ShellExecuteW                                                                            0000000075993c31 6 bytes JMP 7149000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW                                                                        00000000759a0171 6 bytes JMP 70a0000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW                                                                          00000000759a1df6 6 bytes JMP 7143000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\SHELL32.dll!ShellExecuteEx                                                                           0000000075bc748a 6 bytes JMP 7146000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\SHELL32.dll!ShellExecuteA                                                                            0000000075bc7525 6 bytes JMP 714c000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIcon                                                                         0000000075bc8f9e 6 bytes JMP 70a3000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\WININET.dll!InternetOpenUrlA                                                                         000000007714d05f 6 bytes JMP 709a000a
.text     C:\Windows\SysWOW64\XSrvSetup.exe[1576] C:\Windows\syswow64\WININET.dll!InternetOpenUrlW                                                                         000000007714dbf1 6 bytes JMP 7097000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                  00000000765e103d 6 bytes JMP 714f000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                  00000000765e1072 6 bytes JMP 7152000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!GetProcAddress                                                  00000000765e1222 6 bytes JMP 710e000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!WriteFile                                                       00000000765e1282 6 bytes JMP 7094000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!WideCharToMultiByte                                             00000000765e16dd 6 bytes JMP 7054000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!VirtualAlloc                                                    00000000765e1826 6 bytes JMP 70cb000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!MultiByteToWideChar                                             00000000765e18fe 6 bytes JMP 7076000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!OpenProcess                                                     00000000765e1956 6 bytes JMP 7045000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!DeviceIoControl                                                 00000000765e31cf 6 bytes JMP 709d000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!CreateThread                                                    00000000765e3475 6 bytes JMP 70ce000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!CreateFileW                                                     00000000765e3efc 6 bytes JMP 70d8000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!CreateMutexW                                                    00000000765e41ec 6 bytes JMP 707f000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW                                                00000000765e41f9 6 bytes JMP 7097000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!VirtualProtect                                                  00000000765e42ff 6 bytes JMP 70c8000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!LoadLibraryW                                                    00000000765e48cb 6 bytes JMP 715b000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                                  00000000765e48fd 6 bytes JMP 716b000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                                    00000000765e4977 6 bytes JMP 715e000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!CreateMutexA                                                    00000000765e4c0b 6 bytes JMP 7082000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!OpenMutexW                                                      00000000765e50f1 6 bytes JMP 7079000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!CreateFileA                                                     00000000765e5366 6 bytes JMP 70d5000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!DeleteFileA                                                     00000000765e53e4 6 bytes JMP 7067000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!LoadResource                                                    00000000765e58ec 6 bytes JMP 70b3000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!TerminateThread                                                 00000000765e79cf 6 bytes JMP 7135000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!DeleteFileW                                                     00000000765e8953 6 bytes JMP 7064000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!MoveFileW                                                       00000000765f9a90 6 bytes JMP 704e000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                                     00000000765f9acd 6 bytes JMP 7048000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!GetVolumeInformationW                                           00000000765fc800 6 bytes JMP 7107000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!TerminateProcess                                                00000000765fd79a 6 bytes JMP 7164000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!WriteProcessMemory                                              00000000765fd978 6 bytes JMP 7161000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!OpenMutexA                                                      00000000765fec07 6 bytes JMP 707c000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!CopyFileA                                                       000000007660587d 6 bytes JMP 70b0000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!CopyFileW                                                       00000000766082a5 6 bytes JMP 70ad000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!MoveFileExA                                                     000000007660cc61 6 bytes JMP 704b000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!CreateDirectoryA                                                000000007660d4c6 6 bytes JMP 709a000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!DebugActiveProcess                                              00000000766580aa 6 bytes JMP 7132000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!MoveFileA                                                       000000007665d8e9 6 bytes JMP 7051000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!CopyFileExA                                                     000000007665ec29 6 bytes JMP 70aa000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!WinExec                                                         0000000076662c51 6 bytes JMP 7140000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!CreateRemoteThread                                              000000007666419b 6 bytes JMP 716e000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!VirtualProtectEx                                                00000000766645ef 6 bytes JMP 7122000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\kernel32.dll!SetThreadContext                                                00000000766653c3 6 bytes JMP 7091000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerW                                                  00000000754aca64 6 bytes JMP 70c2000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyA                                                     00000000754acc15 6 bytes JMP 70f8000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyA                                                   00000000754acd01 6 bytes JMP 70fe000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExA                                                 00000000754b1469 6 bytes JMP 7104000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA                                                  00000000754b14b3 6 bytes JMP 70ec000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW                                                  00000000754b14d6 6 bytes JMP 70e9000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyW                                                   00000000754b1514 6 bytes JMP 70fb000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyW                                                     00000000754b2459 6 bytes JMP 70f5000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA                                                  00000000754b2bd8 6 bytes JMP 70c5000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueA                                           00000000754b404a 6 bytes JMP 708b000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExW                                                 00000000754b40fe 6 bytes JMP 7101000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\ADVAPI32.dll!AdjustTokenPrivileges                                           00000000754b418e 6 bytes JMP 7085000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueW                                           00000000754b41b3 6 bytes JMP 7088000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\ADVAPI32.dll!OpenProcessToken                                                00000000754b4304 6 bytes JMP 708e000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExW                                                   00000000754b468d 6 bytes JMP 70ef000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExW                                                00000000754b46ad 6 bytes JMP 70db000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExA                                                00000000754b48ef 6 bytes JMP 70de000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA                                                   00000000754b4907 6 bytes JMP 70f2000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                  00000000754c712c 6 bytes JMP 7118000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\ADVAPI32.dll!RegDeleteKeyA                                                   00000000754ca8b7 6 bytes JMP 7061000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                  00000000754e3158 6 bytes JMP 711b000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\user32.dll!CreateWindowExW                                                   0000000076f98a29 6 bytes JMP 706a000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\user32.dll!CreateWindowExA                                                   0000000076f9d22e 6 bytes JMP 706d000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\user32.dll!SetWinEventHook                                                   0000000076f9ee09 6 bytes JMP 7115000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\user32.dll!SetWindowTextW                                                    0000000076fa20ec 6 bytes JMP 7057000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\user32.dll!DrawTextW                                                         0000000076fa25cf 6 bytes JMP 7070000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\user32.dll!GetKeyState                                                       0000000076fa291f 6 bytes JMP 712f000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\user32.dll!SetWindowsHookExW                                                 0000000076fa7603 6 bytes JMP 7155000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\user32.dll!SetWindowTextA                                                    0000000076fa7aee 6 bytes JMP 705a000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\user32.dll!SetWindowsHookExA                                                 0000000076fa835c 6 bytes JMP 7158000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\user32.dll!DrawTextA                                                         0000000076faaea1 6 bytes JMP 7073000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\user32.dll!GetAsyncKeyState                                                  0000000076fbeb96 6 bytes JMP 712c000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\user32.dll!DdeConnect                                                        0000000076fdeb7f 6 bytes JMP 7125000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\SHELL32.dll!ShellExecuteW                                                    0000000075993c31 6 bytes JMP 7149000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW                                                00000000759a0171 6 bytes JMP 70a0000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW                                                  00000000759a1df6 6 bytes JMP 7143000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\SHELL32.dll!ShellExecuteEx                                                   0000000075bc748a 6 bytes JMP 7146000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\SHELL32.dll!ShellExecuteA                                                    0000000075bc7525 6 bytes JMP 714c000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2060] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIcon                                                 0000000075bc8f9e 6 bytes JMP 70a3000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint                                              00000000778f000c 1 byte [C3]
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin                                         000000007797f8ea 5 bytes JMP 000000017792d5c1
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                          00000000765e103d 6 bytes JMP 6d44000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                          00000000765e1072 6 bytes JMP 6d47000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!GetProcAddress                                          00000000765e1222 6 bytes JMP 6d03000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!WriteFile                                               00000000765e1282 6 bytes JMP 6c89000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!WideCharToMultiByte                                     00000000765e16dd 6 bytes JMP 6c49000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!VirtualAlloc                                            00000000765e1826 6 bytes JMP 6cc0000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!MultiByteToWideChar                                     00000000765e18fe 6 bytes JMP 6c6b000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!OpenProcess                                             00000000765e1956 6 bytes JMP 6c3a000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!DeviceIoControl                                         00000000765e31cf 6 bytes JMP 6c92000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!CreateThread                                            00000000765e3475 6 bytes JMP 6cc3000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!CreateFileW                                             00000000765e3efc 6 bytes JMP 6ccd000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!CreateMutexW                                            00000000765e41ec 6 bytes JMP 6c74000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW                                        00000000765e41f9 6 bytes JMP 6c8c000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!VirtualProtect                                          00000000765e42ff 6 bytes JMP 6cbd000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!LoadLibraryW                                            00000000765e48cb 6 bytes JMP 6d69000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                          00000000765e48fd 6 bytes JMP 6d7c000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                            00000000765e4977 6 bytes JMP 6d6c000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!CreateMutexA                                            00000000765e4c0b 6 bytes JMP 6c77000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!OpenMutexW                                              00000000765e50f1 6 bytes JMP 6c6e000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!CreateFileA                                             00000000765e5366 6 bytes JMP 6cca000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!DeleteFileA                                             00000000765e53e4 6 bytes JMP 6c5c000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!LoadResource                                            00000000765e58ec 6 bytes JMP 6ca8000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!TerminateThread                                         00000000765e79cf 6 bytes JMP 6d2a000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!DeleteFileW                                             00000000765e8953 6 bytes JMP 6c59000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!MoveFileW                                               00000000765f9a90 6 bytes JMP 6c43000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                             00000000765f9acd 6 bytes JMP 6c3d000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!GetVolumeInformationW                                   00000000765fc800 6 bytes JMP 6cfc000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!TerminateProcess                                        00000000765fd79a 6 bytes JMP 6d75000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!WriteProcessMemory                                      00000000765fd978 6 bytes JMP 6d6f000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!OpenMutexA                                              00000000765fec07 6 bytes JMP 6c71000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!CopyFileA                                               000000007660587d 6 bytes JMP 6ca5000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!CopyFileW                                               00000000766082a5 6 bytes JMP 6ca2000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!MoveFileExA                                             000000007660cc61 6 bytes JMP 6c40000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!CreateDirectoryA                                        000000007660d4c6 6 bytes JMP 6c8f000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!DebugActiveProcess                                      00000000766580aa 6 bytes JMP 6d27000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!MoveFileA                                               000000007665d8e9 6 bytes JMP 6c46000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!CopyFileExA                                             000000007665ec29 6 bytes JMP 6c9f000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!WinExec                                                 0000000076662c51 6 bytes JMP 6d35000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!CreateRemoteThread                                      000000007666419b 6 bytes JMP 6ffa000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!VirtualProtectEx                                        00000000766645ef 6 bytes JMP 6d17000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\kernel32.dll!SetThreadContext                                        00000000766653c3 6 bytes JMP 6c86000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerW                                          00000000754aca64 6 bytes JMP 6cb7000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyA                                             00000000754acc15 4 bytes JMP 6ced000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyA + 5                                         00000000754acc1a 1 byte [6C]
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyA                                           00000000754acd01 6 bytes JMP 6cf3000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExA                                         00000000754b1469 6 bytes JMP 6cf9000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA                                          00000000754b14b3 6 bytes JMP 6ce1000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW                                          00000000754b14d6 6 bytes JMP 6cde000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyW                                           00000000754b1514 6 bytes JMP 6cf0000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyW                                             00000000754b2459 6 bytes JMP 6cea000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA                                          00000000754b2bd8 6 bytes JMP 6cba000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueA                                   00000000754b404a 6 bytes JMP 6c80000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExW                                         00000000754b40fe 6 bytes JMP 6cf6000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\ADVAPI32.dll!AdjustTokenPrivileges                                   00000000754b418e 6 bytes JMP 6c7a000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueW                                   00000000754b41b3 6 bytes JMP 6c7d000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\ADVAPI32.dll!OpenProcessToken                                        00000000754b4304 6 bytes JMP 6c83000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExW                                           00000000754b468d 6 bytes JMP 6ce4000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExW                                        00000000754b46ad 6 bytes JMP 6cd0000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExA                                        00000000754b48ef 6 bytes JMP 6cd3000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA                                           00000000754b4907 6 bytes JMP 6ce7000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                          00000000754c712c 6 bytes JMP 6d0d000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\ADVAPI32.dll!RegDeleteKeyA                                           00000000754ca8b7 6 bytes JMP 6c56000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                          00000000754e3158 6 bytes JMP 6d10000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                           0000000076f98a29 6 bytes JMP 6c5f000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                           0000000076f9d22e 6 bytes JMP 6c62000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                           0000000076f9ee09 6 bytes JMP 6d0a000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\USER32.dll!SetWindowTextW                                            0000000076fa20ec 6 bytes JMP 6c4c000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\USER32.dll!DrawTextW                                                 0000000076fa25cf 6 bytes JMP 6c65000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\USER32.dll!GetKeyState                                               0000000076fa291f 6 bytes JMP 6d24000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                         0000000076fa7603 6 bytes JMP 6d4a000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\USER32.dll!SetWindowTextA                                            0000000076fa7aee 6 bytes JMP 6c4f000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                         0000000076fa835c 6 bytes JMP 6d66000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\USER32.dll!DrawTextA                                                 0000000076faaea1 6 bytes JMP 6c68000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                          0000000076fbeb96 6 bytes JMP 6d21000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\USER32.dll!DdeConnect                                                0000000076fdeb7f 6 bytes JMP 6d1a000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\shell32.dll!ShellExecuteW                                            0000000075993c31 6 bytes JMP 6d3e000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\shell32.dll!Shell_NotifyIconW                                        00000000759a0171 6 bytes JMP 6c95000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\shell32.dll!ShellExecuteExW                                          00000000759a1df6 6 bytes JMP 6d38000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\shell32.dll!ShellExecuteEx                                           0000000075bc748a 6 bytes JMP 6d3b000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\shell32.dll!ShellExecuteA                                            0000000075bc7525 6 bytes JMP 6d41000a
.text     C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe[2128] C:\Windows\syswow64\shell32.dll!Shell_NotifyIcon                                         0000000075bc8f9e 6 bytes JMP 6c98000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                            00000000765e103d 6 bytes JMP 714f000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                            00000000765e1072 6 bytes JMP 7152000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!GetProcAddress                                                                            00000000765e1222 6 bytes JMP 710e000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!WriteFile                                                                                 00000000765e1282 6 bytes JMP 7094000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!WideCharToMultiByte                                                                       00000000765e16dd 6 bytes JMP 7054000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!VirtualAlloc                                                                              00000000765e1826 6 bytes JMP 70cb000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!MultiByteToWideChar                                                                       00000000765e18fe 6 bytes JMP 7076000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!OpenProcess                                                                               00000000765e1956 6 bytes JMP 7045000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!DeviceIoControl                                                                           00000000765e31cf 6 bytes JMP 709d000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!CreateThread                                                                              00000000765e3475 6 bytes JMP 70ce000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!CreateFileW                                                                               00000000765e3efc 6 bytes JMP 70d8000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!CreateMutexW                                                                              00000000765e41ec 6 bytes JMP 707f000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW                                                                          00000000765e41f9 6 bytes JMP 7097000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!VirtualProtect                                                                            00000000765e42ff 6 bytes JMP 70c8000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!LoadLibraryW                                                                              00000000765e48cb 6 bytes JMP 715b000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                                                            00000000765e48fd 6 bytes JMP 716b000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                                                              00000000765e4977 6 bytes JMP 715e000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!CreateMutexA                                                                              00000000765e4c0b 6 bytes JMP 7082000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!OpenMutexW                                                                                00000000765e50f1 6 bytes JMP 7079000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!CreateFileA                                                                               00000000765e5366 6 bytes JMP 70d5000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!DeleteFileA                                                                               00000000765e53e4 6 bytes JMP 7067000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!LoadResource                                                                              00000000765e58ec 6 bytes JMP 70b3000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!TerminateThread                                                                           00000000765e79cf 6 bytes JMP 7135000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!DeleteFileW                                                                               00000000765e8953 6 bytes JMP 7064000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!MoveFileW                                                                                 00000000765f9a90 6 bytes JMP 704e000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                                                               00000000765f9acd 6 bytes JMP 7048000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!GetVolumeInformationW                                                                     00000000765fc800 6 bytes JMP 7107000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!TerminateProcess                                                                          00000000765fd79a 6 bytes JMP 7164000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!WriteProcessMemory                                                                        00000000765fd978 6 bytes JMP 7161000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!OpenMutexA                                                                                00000000765fec07 6 bytes JMP 707c000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!CopyFileA                                                                                 000000007660587d 6 bytes JMP 70b0000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!CopyFileW                                                                                 00000000766082a5 6 bytes JMP 70ad000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!MoveFileExA                                                                               000000007660cc61 6 bytes JMP 704b000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!CreateDirectoryA                                                                          000000007660d4c6 6 bytes JMP 709a000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!DebugActiveProcess                                                                        00000000766580aa 6 bytes JMP 7132000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!MoveFileA                                                                                 000000007665d8e9 6 bytes JMP 7051000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!CopyFileExA                                                                               000000007665ec29 6 bytes JMP 70aa000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!WinExec                                                                                   0000000076662c51 6 bytes JMP 7140000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!CreateRemoteThread                                                                        000000007666419b 6 bytes JMP 716e000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!VirtualProtectEx                                                                          00000000766645ef 6 bytes JMP 7122000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\kernel32.dll!SetThreadContext                                                                          00000000766653c3 6 bytes JMP 7091000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                             0000000076f98a29 6 bytes JMP 706a000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                                                             0000000076f9d22e 6 bytes JMP 706d000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                             0000000076f9ee09 6 bytes JMP 7115000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\USER32.dll!SetWindowTextW                                                                              0000000076fa20ec 6 bytes JMP 7057000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\USER32.dll!DrawTextW                                                                                   0000000076fa25cf 6 bytes JMP 7070000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                                 0000000076fa291f 6 bytes JMP 712f000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                           0000000076fa7603 6 bytes JMP 7155000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\USER32.dll!SetWindowTextA                                                                              0000000076fa7aee 6 bytes JMP 705a000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                           0000000076fa835c 6 bytes JMP 7158000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\USER32.dll!DrawTextA                                                                                   0000000076faaea1 6 bytes JMP 7073000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                                            0000000076fbeb96 6 bytes JMP 712c000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\USER32.dll!DdeConnect                                                                                  0000000076fdeb7f 6 bytes JMP 7125000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerW                                                                            00000000754aca64 6 bytes JMP 70c2000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyA                                                                               00000000754acc15 6 bytes JMP 70f8000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyA                                                                             00000000754acd01 6 bytes JMP 70fe000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExA                                                                           00000000754b1469 6 bytes JMP 7104000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA                                                                            00000000754b14b3 6 bytes JMP 70ec000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW                                                                            00000000754b14d6 6 bytes JMP 70e9000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyW                                                                             00000000754b1514 6 bytes JMP 70fb000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyW                                                                               00000000754b2459 6 bytes JMP 70f5000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA                                                                            00000000754b2bd8 6 bytes JMP 70c5000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueA                                                                     00000000754b404a 6 bytes JMP 708b000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExW                                                                           00000000754b40fe 6 bytes JMP 7101000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\ADVAPI32.dll!AdjustTokenPrivileges                                                                     00000000754b418e 6 bytes JMP 7085000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueW                                                                     00000000754b41b3 6 bytes JMP 7088000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\ADVAPI32.dll!OpenProcessToken                                                                          00000000754b4304 6 bytes JMP 708e000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExW                                                                             00000000754b468d 6 bytes JMP 70ef000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExW                                                                          00000000754b46ad 6 bytes JMP 70db000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExA                                                                          00000000754b48ef 6 bytes JMP 70de000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA                                                                             00000000754b4907 6 bytes JMP 70f2000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                                            00000000754c712c 6 bytes JMP 7118000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\ADVAPI32.dll!RegDeleteKeyA                                                                             00000000754ca8b7 6 bytes JMP 7061000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                                            00000000754e3158 6 bytes JMP 711b000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\SHELL32.dll!ShellExecuteW                                                                              0000000075993c31 6 bytes JMP 7149000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW                                                                          00000000759a0171 6 bytes JMP 70a0000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW                                                                            00000000759a1df6 6 bytes JMP 7143000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\SHELL32.dll!ShellExecuteEx                                                                             0000000075bc748a 6 bytes JMP 7146000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\SHELL32.dll!ShellExecuteA                                                                              0000000075bc7525 6 bytes JMP 714c000a
.text     C:\Windows\SysWOW64\brss01a.exe[2172] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIcon                                                                           0000000075bc8f9e 6 bytes JMP 70a3000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                  00000000765e103d 6 bytes JMP 714f000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                  00000000765e1072 6 bytes JMP 7152000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!GetProcAddress                                                  00000000765e1222 6 bytes JMP 710e000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!WriteFile                                                       00000000765e1282 6 bytes JMP 7094000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!WideCharToMultiByte                                             00000000765e16dd 6 bytes JMP 7054000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!VirtualAlloc                                                    00000000765e1826 6 bytes JMP 70cb000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!MultiByteToWideChar                                             00000000765e18fe 6 bytes JMP 7076000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!OpenProcess                                                     00000000765e1956 6 bytes JMP 7045000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!DeviceIoControl                                                 00000000765e31cf 6 bytes JMP 709d000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!CreateThread                                                    00000000765e3475 6 bytes JMP 70ce000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!CreateFileW                                                     00000000765e3efc 6 bytes JMP 70d8000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!CreateMutexW                                                    00000000765e41ec 6 bytes JMP 707f000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW                                                00000000765e41f9 6 bytes JMP 7097000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!VirtualProtect                                                  00000000765e42ff 6 bytes JMP 70c8000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!LoadLibraryW                                                    00000000765e48cb 6 bytes JMP 715b000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                                  00000000765e48fd 6 bytes JMP 716b000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                                    00000000765e4977 6 bytes JMP 715e000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!CreateMutexA                                                    00000000765e4c0b 6 bytes JMP 7082000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!OpenMutexW                                                      00000000765e50f1 6 bytes JMP 7079000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!CreateFileA                                                     00000000765e5366 6 bytes JMP 70d5000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!DeleteFileA                                                     00000000765e53e4 6 bytes JMP 7067000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!LoadResource                                                    00000000765e58ec 6 bytes JMP 70b3000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!TerminateThread                                                 00000000765e79cf 6 bytes JMP 7135000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!DeleteFileW                                                     00000000765e8953 6 bytes JMP 7064000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!MoveFileW                                                       00000000765f9a90 6 bytes JMP 704e000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                                     00000000765f9acd 6 bytes JMP 7048000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!GetVolumeInformationW                                           00000000765fc800 6 bytes JMP 7107000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!TerminateProcess                                                00000000765fd79a 6 bytes JMP 7164000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!WriteProcessMemory                                              00000000765fd978 6 bytes JMP 7161000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!OpenMutexA                                                      00000000765fec07 6 bytes JMP 707c000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!CopyFileA                                                       000000007660587d 6 bytes JMP 70b0000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!CopyFileW                                                       00000000766082a5 6 bytes JMP 70ad000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!MoveFileExA                                                     000000007660cc61 6 bytes JMP 704b000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!CreateDirectoryA                                                000000007660d4c6 6 bytes JMP 709a000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!DebugActiveProcess                                              00000000766580aa 6 bytes JMP 7132000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!MoveFileA                                                       000000007665d8e9 6 bytes JMP 7051000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!CopyFileExA                                                     000000007665ec29 6 bytes JMP 70aa000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!WinExec                                                         0000000076662c51 6 bytes JMP 7140000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!CreateRemoteThread                                              000000007666419b 6 bytes JMP 716e000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!VirtualProtectEx                                                00000000766645ef 6 bytes JMP 7122000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\kernel32.dll!SetThreadContext                                                00000000766653c3 6 bytes JMP 7091000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerW                                                  00000000754aca64 6 bytes JMP 70c2000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyA                                                     00000000754acc15 6 bytes JMP 70f8000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyA                                                   00000000754acd01 6 bytes JMP 70fe000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExA                                                 00000000754b1469 6 bytes JMP 7104000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA                                                  00000000754b14b3 6 bytes JMP 70ec000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW                                                  00000000754b14d6 6 bytes JMP 70e9000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyW                                                   00000000754b1514 6 bytes JMP 70fb000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyW                                                     00000000754b2459 6 bytes JMP 70f5000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA                                                  00000000754b2bd8 6 bytes JMP 70c5000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueA                                           00000000754b404a 6 bytes JMP 708b000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExW                                                 00000000754b40fe 6 bytes JMP 7101000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!AdjustTokenPrivileges                                           00000000754b418e 6 bytes JMP 7085000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueW                                           00000000754b41b3 6 bytes JMP 7088000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!OpenProcessToken                                                00000000754b4304 6 bytes JMP 708e000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExW                                                   00000000754b468d 6 bytes JMP 70ef000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExW                                                00000000754b46ad 6 bytes JMP 70db000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExA                                                00000000754b48ef 6 bytes JMP 70de000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA                                                   00000000754b4907 6 bytes JMP 70f2000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                  00000000754c712c 6 bytes JMP 7118000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!RegDeleteKeyA                                                   00000000754ca8b7 6 bytes JMP 7061000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                  00000000754e3158 6 bytes JMP 711b000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\user32.dll!CreateWindowExW                                                   0000000076f98a29 6 bytes JMP 706a000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\user32.dll!CreateWindowExA                                                   0000000076f9d22e 6 bytes JMP 706d000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\user32.dll!SetWinEventHook                                                   0000000076f9ee09 6 bytes JMP 7115000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\user32.dll!SetWindowTextW                                                    0000000076fa20ec 6 bytes JMP 7057000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\user32.dll!DrawTextW                                                         0000000076fa25cf 6 bytes JMP 7070000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\user32.dll!GetKeyState                                                       0000000076fa291f 6 bytes JMP 712f000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\user32.dll!SetWindowsHookExW                                                 0000000076fa7603 6 bytes JMP 7155000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\user32.dll!SetWindowTextA                                                    0000000076fa7aee 6 bytes JMP 705a000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\user32.dll!SetWindowsHookExA                                                 0000000076fa835c 6 bytes JMP 7158000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\user32.dll!DrawTextA                                                         0000000076faaea1 6 bytes JMP 7073000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\user32.dll!GetAsyncKeyState                                                  0000000076fbeb96 6 bytes JMP 712c000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\user32.dll!DdeConnect                                                        0000000076fdeb7f 6 bytes JMP 7125000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\SHELL32.dll!ShellExecuteW                                                    0000000075993c31 6 bytes JMP 7149000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW                                                00000000759a0171 6 bytes JMP 70a0000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW                                                  00000000759a1df6 6 bytes JMP 7143000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\SHELL32.dll!ShellExecuteEx                                                   0000000075bc748a 6 bytes JMP 7146000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\SHELL32.dll!ShellExecuteA                                                    0000000075bc7525 6 bytes JMP 714c000a
.text     C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe[2400] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIcon                                                 0000000075bc8f9e 6 bytes JMP 70a3000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                      00000000765e103d 6 bytes JMP 714f000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                      00000000765e1072 6 bytes JMP 7152000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!GetProcAddress                                                      00000000765e1222 6 bytes JMP 710e000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!WriteFile                                                           00000000765e1282 6 bytes JMP 708e000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!WideCharToMultiByte                                                 00000000765e16dd 6 bytes JMP 704e000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!VirtualAlloc                                                        00000000765e1826 6 bytes JMP 70cb000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!MultiByteToWideChar                                                 00000000765e18fe 6 bytes JMP 7070000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!OpenProcess                                                         00000000765e1956 6 bytes JMP 703f000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!DeviceIoControl                                                     00000000765e31cf 6 bytes JMP 709d000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!CreateThread                                                        00000000765e3475 6 bytes JMP 70ce000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!CreateFileW                                                         00000000765e3efc 6 bytes JMP 70d8000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!CreateMutexW                                                        00000000765e41ec 6 bytes JMP 7079000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW                                                    00000000765e41f9 6 bytes JMP 7091000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!VirtualProtect                                                      00000000765e42ff 6 bytes JMP 70c8000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!LoadLibraryW                                                        00000000765e48cb 6 bytes JMP 715b000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                                      00000000765e48fd 6 bytes JMP 716b000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                                        00000000765e4977 6 bytes JMP 715e000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!CreateMutexA                                                        00000000765e4c0b 6 bytes JMP 707c000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!OpenMutexW                                                          00000000765e50f1 6 bytes JMP 7073000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!CreateFileA                                                         00000000765e5366 6 bytes JMP 70d5000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!DeleteFileA                                                         00000000765e53e4 6 bytes JMP 7061000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!LoadResource                                                        00000000765e58ec 6 bytes JMP 70b3000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!TerminateThread                                                     00000000765e79cf 6 bytes JMP 7135000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!DeleteFileW                                                         00000000765e8953 6 bytes JMP 705e000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!MoveFileW                                                           00000000765f9a90 6 bytes JMP 7048000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                                         00000000765f9acd 6 bytes JMP 7042000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!GetVolumeInformationW                                               00000000765fc800 6 bytes JMP 7107000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!TerminateProcess                                                    00000000765fd79a 6 bytes JMP 7164000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!WriteProcessMemory                                                  00000000765fd978 6 bytes JMP 7161000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!OpenMutexA                                                          00000000765fec07 6 bytes JMP 7076000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!CopyFileA                                                           000000007660587d 6 bytes JMP 70b0000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!CopyFileW                                                           00000000766082a5 6 bytes JMP 70ad000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!MoveFileExA                                                         000000007660cc61 6 bytes JMP 7045000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!CreateDirectoryA                                                    000000007660d4c6 6 bytes JMP 7094000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!DebugActiveProcess                                                  00000000766580aa 6 bytes JMP 7132000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!MoveFileA                                                           000000007665d8e9 6 bytes JMP 704b000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!CopyFileExA                                                         000000007665ec29 6 bytes JMP 70aa000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!WinExec                                                             0000000076662c51 6 bytes JMP 7140000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!CreateRemoteThread                                                  000000007666419b 6 bytes JMP 716e000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!VirtualProtectEx                                                    00000000766645ef 6 bytes JMP 7122000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\kernel32.dll!SetThreadContext                                                    00000000766653c3 6 bytes JMP 708b000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerW                                                      00000000754aca64 6 bytes JMP 70c2000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyA                                                         00000000754acc15 6 bytes JMP 70f8000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyA                                                       00000000754acd01 6 bytes JMP 70fe000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExA                                                     00000000754b1469 6 bytes JMP 7104000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA                                                      00000000754b14b3 6 bytes JMP 70ec000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW                                                      00000000754b14d6 6 bytes JMP 70e9000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyW                                                       00000000754b1514 6 bytes JMP 70fb000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyW                                                         00000000754b2459 6 bytes JMP 70f5000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA                                                      00000000754b2bd8 6 bytes JMP 70c5000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueA                                               00000000754b404a 6 bytes JMP 7085000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExW                                                     00000000754b40fe 6 bytes JMP 7101000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\ADVAPI32.dll!AdjustTokenPrivileges                                               00000000754b418e 6 bytes JMP 707f000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueW                                               00000000754b41b3 6 bytes JMP 7082000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\ADVAPI32.dll!OpenProcessToken                                                    00000000754b4304 6 bytes JMP 7088000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExW                                                       00000000754b468d 6 bytes JMP 70ef000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExW                                                    00000000754b46ad 6 bytes JMP 70db000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExA                                                    00000000754b48ef 6 bytes JMP 70de000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA                                                       00000000754b4907 6 bytes JMP 70f2000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                      00000000754c712c 6 bytes JMP 7118000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\ADVAPI32.dll!RegDeleteKeyA                                                       00000000754ca8b7 6 bytes JMP 705b000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                      00000000754e3158 6 bytes JMP 711b000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                       0000000076f98a29 6 bytes JMP 7064000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                                       0000000076f9d22e 6 bytes JMP 7067000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                       0000000076f9ee09 6 bytes JMP 7115000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\USER32.dll!SetWindowTextW                                                        0000000076fa20ec 6 bytes JMP 7051000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\USER32.dll!DrawTextW                                                             0000000076fa25cf 6 bytes JMP 706a000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\USER32.dll!GetKeyState                                                           0000000076fa291f 6 bytes JMP 712f000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                     0000000076fa7603 6 bytes JMP 7155000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\USER32.dll!SetWindowTextA                                                        0000000076fa7aee 6 bytes JMP 7054000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                     0000000076fa835c 6 bytes JMP 7158000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\USER32.dll!DrawTextA                                                             0000000076faaea1 6 bytes JMP 706d000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                      0000000076fbeb96 6 bytes JMP 712c000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\USER32.dll!DdeConnect                                                            0000000076fdeb7f 6 bytes JMP 7125000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\WININET.dll!InternetOpenUrlA                                                     000000007714d05f 6 bytes JMP 709a000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\WININET.dll!InternetOpenUrlW                                                     000000007714dbf1 6 bytes JMP 7097000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\SHELL32.dll!ShellExecuteW                                                        0000000075993c31 6 bytes JMP 7149000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW                                                    00000000759a0171 6 bytes JMP 70a0000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW                                                      00000000759a1df6 6 bytes JMP 7143000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\SHELL32.dll!ShellExecuteEx                                                       0000000075bc748a 6 bytes JMP 7146000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\SHELL32.dll!ShellExecuteA                                                        0000000075bc7525 6 bytes JMP 714c000a
.text     C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe[2956] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIcon                                                     0000000075bc8f9e 6 bytes JMP 70a3000a

littleant · 20.09.2013, 17:33

Gmer Teil 3

Code:

ATTFilter

.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                             00000000765e103d 6 bytes JMP 714f000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                             00000000765e1072 6 bytes JMP 7152000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!GetProcAddress                                             00000000765e1222 6 bytes JMP 710e000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!WriteFile                                                  00000000765e1282 6 bytes JMP 7094000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!WideCharToMultiByte                                        00000000765e16dd 6 bytes JMP 7054000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!VirtualAlloc                                               00000000765e1826 6 bytes JMP 70cb000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!MultiByteToWideChar                                        00000000765e18fe 6 bytes JMP 7076000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!OpenProcess                                                00000000765e1956 6 bytes JMP 7045000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!DeviceIoControl                                            00000000765e31cf 6 bytes JMP 709d000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!CreateThread                                               00000000765e3475 6 bytes JMP 70ce000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!CreateFileW                                                00000000765e3efc 6 bytes JMP 70d8000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!CreateMutexW                                               00000000765e41ec 6 bytes JMP 707f000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW                                           00000000765e41f9 6 bytes JMP 7097000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!VirtualProtect                                             00000000765e42ff 6 bytes JMP 70c8000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!LoadLibraryW                                               00000000765e48cb 6 bytes JMP 715b000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                             00000000765e48fd 6 bytes JMP 716b000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                               00000000765e4977 6 bytes JMP 715e000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!CreateMutexA                                               00000000765e4c0b 6 bytes JMP 7082000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!OpenMutexW                                                 00000000765e50f1 6 bytes JMP 7079000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!CreateFileA                                                00000000765e5366 6 bytes JMP 70d5000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!DeleteFileA                                                00000000765e53e4 6 bytes JMP 7067000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!LoadResource                                               00000000765e58ec 6 bytes JMP 70b3000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!TerminateThread                                            00000000765e79cf 6 bytes JMP 7135000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!DeleteFileW                                                00000000765e8953 6 bytes JMP 7064000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!MoveFileW                                                  00000000765f9a90 6 bytes JMP 704e000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                                00000000765f9acd 6 bytes JMP 7048000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!GetVolumeInformationW                                      00000000765fc800 6 bytes JMP 7107000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!TerminateProcess                                           00000000765fd79a 6 bytes JMP 7164000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!WriteProcessMemory                                         00000000765fd978 6 bytes JMP 7161000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!OpenMutexA                                                 00000000765fec07 6 bytes JMP 707c000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!CopyFileA                                                  000000007660587d 6 bytes JMP 70b0000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!CopyFileW                                                  00000000766082a5 6 bytes JMP 70ad000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!MoveFileExA                                                000000007660cc61 6 bytes JMP 704b000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!CreateDirectoryA                                           000000007660d4c6 6 bytes JMP 709a000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!DebugActiveProcess                                         00000000766580aa 6 bytes JMP 7132000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!MoveFileA                                                  000000007665d8e9 6 bytes JMP 7051000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!CopyFileExA                                                000000007665ec29 6 bytes JMP 70aa000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!WinExec                                                    0000000076662c51 6 bytes JMP 7140000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!CreateRemoteThread                                         000000007666419b 6 bytes JMP 716e000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!VirtualProtectEx                                           00000000766645ef 6 bytes JMP 7122000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\kernel32.dll!SetThreadContext                                           00000000766653c3 6 bytes JMP 7091000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerW                                             00000000754aca64 6 bytes JMP 70c2000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyA                                                00000000754acc15 6 bytes JMP 70f8000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyA                                              00000000754acd01 6 bytes JMP 70fe000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExA                                            00000000754b1469 6 bytes JMP 7104000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA                                             00000000754b14b3 6 bytes JMP 70ec000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW                                             00000000754b14d6 6 bytes JMP 70e9000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyW                                              00000000754b1514 6 bytes JMP 70fb000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyW                                                00000000754b2459 6 bytes JMP 70f5000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA                                             00000000754b2bd8 6 bytes JMP 70c5000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueA                                      00000000754b404a 6 bytes JMP 708b000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExW                                            00000000754b40fe 6 bytes JMP 7101000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\ADVAPI32.dll!AdjustTokenPrivileges                                      00000000754b418e 6 bytes JMP 7085000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueW                                      00000000754b41b3 6 bytes JMP 7088000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\ADVAPI32.dll!OpenProcessToken                                           00000000754b4304 6 bytes JMP 708e000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExW                                              00000000754b468d 6 bytes JMP 70ef000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExW                                           00000000754b46ad 6 bytes JMP 70db000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExA                                           00000000754b48ef 6 bytes JMP 70de000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA                                              00000000754b4907 6 bytes JMP 70f2000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                             00000000754c712c 6 bytes JMP 7118000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\ADVAPI32.dll!RegDeleteKeyA                                              00000000754ca8b7 6 bytes JMP 7061000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                             00000000754e3158 6 bytes JMP 711b000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                              0000000076f98a29 6 bytes JMP 706a000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                              0000000076f9d22e 6 bytes JMP 706d000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                              0000000076f9ee09 6 bytes JMP 7115000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\USER32.dll!SetWindowTextW                                               0000000076fa20ec 6 bytes JMP 7057000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\USER32.dll!DrawTextW                                                    0000000076fa25cf 6 bytes JMP 7070000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\USER32.dll!GetKeyState                                                  0000000076fa291f 6 bytes JMP 712f000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                            0000000076fa7603 6 bytes JMP 7155000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\USER32.dll!SetWindowTextA                                               0000000076fa7aee 6 bytes JMP 705a000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                            0000000076fa835c 6 bytes JMP 7158000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\USER32.dll!DrawTextA                                                    0000000076faaea1 6 bytes JMP 7073000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                             0000000076fbeb96 6 bytes JMP 712c000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\USER32.dll!DdeConnect                                                   0000000076fdeb7f 6 bytes JMP 7125000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\SHELL32.dll!ShellExecuteW                                               0000000075993c31 6 bytes JMP 7149000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW                                           00000000759a0171 6 bytes JMP 70a0000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW                                             00000000759a1df6 6 bytes JMP 7143000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\SHELL32.dll!ShellExecuteEx                                              0000000075bc748a 6 bytes JMP 7146000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\SHELL32.dll!ShellExecuteA                                               0000000075bc7525 6 bytes JMP 714c000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe[3000] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIcon                                            0000000075bc8f9e 6 bytes JMP 70a3000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                   00000000765e103d 6 bytes JMP 7150000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                   00000000765e1072 6 bytes JMP 7153000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!GetProcAddress                                                   00000000765e1222 6 bytes JMP 710f000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!WriteFile                                                        00000000765e1282 6 bytes JMP 7095000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!WideCharToMultiByte                                              00000000765e16dd 6 bytes JMP 7055000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!VirtualAlloc                                                     00000000765e1826 6 bytes JMP 70cc000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!MultiByteToWideChar                                              00000000765e18fe 6 bytes JMP 7077000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!OpenProcess                                                      00000000765e1956 6 bytes JMP 7046000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!DeviceIoControl                                                  00000000765e31cf 6 bytes JMP 709e000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!CreateThread                                                     00000000765e3475 6 bytes JMP 70cf000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!CreateFileW                                                      00000000765e3efc 6 bytes JMP 70d9000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!CreateMutexW                                                     00000000765e41ec 6 bytes JMP 7080000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW                                                 00000000765e41f9 6 bytes JMP 7098000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!VirtualProtect                                                   00000000765e42ff 6 bytes JMP 70c9000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!LoadLibraryW                                                     00000000765e48cb 6 bytes JMP 715c000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                                   00000000765e48fd 6 bytes JMP 716c000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                                     00000000765e4977 6 bytes JMP 715f000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!CreateMutexA                                                     00000000765e4c0b 6 bytes JMP 7083000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!OpenMutexW                                                       00000000765e50f1 6 bytes JMP 707a000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!CreateFileA                                                      00000000765e5366 6 bytes JMP 70d6000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!DeleteFileA                                                      00000000765e53e4 6 bytes JMP 7068000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!LoadResource                                                     00000000765e58ec 6 bytes JMP 70b4000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!TerminateThread                                                  00000000765e79cf 6 bytes JMP 7136000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!DeleteFileW                                                      00000000765e8953 6 bytes JMP 7065000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!MoveFileW                                                        00000000765f9a90 6 bytes JMP 704f000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                                      00000000765f9acd 6 bytes JMP 7049000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!GetVolumeInformationW                                            00000000765fc800 6 bytes JMP 7108000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!TerminateProcess                                                 00000000765fd79a 6 bytes JMP 7165000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!WriteProcessMemory                                               00000000765fd978 6 bytes JMP 7162000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!OpenMutexA                                                       00000000765fec07 6 bytes JMP 707d000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!CopyFileA                                                        000000007660587d 6 bytes JMP 70b1000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!CopyFileW                                                        00000000766082a5 6 bytes JMP 70ae000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!MoveFileExA                                                      000000007660cc61 6 bytes JMP 704c000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!CreateDirectoryA                                                 000000007660d4c6 6 bytes JMP 709b000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!DebugActiveProcess                                               00000000766580aa 6 bytes JMP 7133000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!MoveFileA                                                        000000007665d8e9 6 bytes JMP 7052000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!CopyFileExA                                                      000000007665ec29 6 bytes JMP 70ab000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!WinExec                                                          0000000076662c51 6 bytes JMP 7141000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!CreateRemoteThread                                               000000007666419b 6 bytes JMP 716f000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!VirtualProtectEx                                                 00000000766645ef 6 bytes JMP 7123000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\kernel32.dll!SetThreadContext                                                 00000000766653c3 6 bytes JMP 7092000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerW                                                   00000000754aca64 6 bytes JMP 70c3000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyA                                                      00000000754acc15 6 bytes JMP 70f9000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyA                                                    00000000754acd01 6 bytes JMP 70ff000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExA                                                  00000000754b1469 6 bytes JMP 7105000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA                                                   00000000754b14b3 4 bytes JMP 70ed000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA + 5                                               00000000754b14b8 1 byte [70]
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW                                                   00000000754b14d6 6 bytes JMP 70ea000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyW                                                    00000000754b1514 6 bytes JMP 70fc000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyW                                                      00000000754b2459 6 bytes JMP 70f6000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA                                                   00000000754b2bd8 6 bytes JMP 70c6000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueA                                            00000000754b404a 6 bytes JMP 708c000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExW                                                  00000000754b40fe 6 bytes JMP 7102000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\ADVAPI32.dll!AdjustTokenPrivileges                                            00000000754b418e 6 bytes JMP 7086000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueW                                            00000000754b41b3 6 bytes JMP 7089000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\ADVAPI32.dll!OpenProcessToken                                                 00000000754b4304 6 bytes JMP 708f000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExW                                                    00000000754b468d 6 bytes JMP 70f0000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExW                                                 00000000754b46ad 6 bytes JMP 70dc000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExA                                                 00000000754b48ef 6 bytes JMP 70df000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA                                                    00000000754b4907 6 bytes JMP 70f3000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                   00000000754c712c 6 bytes JMP 7119000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\ADVAPI32.dll!RegDeleteKeyA                                                    00000000754ca8b7 6 bytes JMP 7062000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                   00000000754e3158 6 bytes JMP 711c000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                    0000000076f98a29 6 bytes JMP 706b000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                                    0000000076f9d22e 6 bytes JMP 706e000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                    0000000076f9ee09 6 bytes JMP 7116000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\USER32.dll!SetWindowTextW                                                     0000000076fa20ec 6 bytes JMP 7058000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\USER32.dll!DrawTextW                                                          0000000076fa25cf 6 bytes JMP 7071000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\USER32.dll!GetKeyState                                                        0000000076fa291f 6 bytes JMP 7130000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                  0000000076fa7603 6 bytes JMP 7156000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\USER32.dll!SetWindowTextA                                                     0000000076fa7aee 6 bytes JMP 705b000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                  0000000076fa835c 6 bytes JMP 7159000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\USER32.dll!DrawTextA                                                          0000000076faaea1 6 bytes JMP 7074000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                   0000000076fbeb96 6 bytes JMP 712d000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\USER32.dll!DdeConnect                                                         0000000076fdeb7f 6 bytes JMP 7126000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\SHELL32.dll!ShellExecuteW                                                     0000000075993c31 6 bytes JMP 714a000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW                                                 00000000759a0171 6 bytes JMP 70a1000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW                                                   00000000759a1df6 6 bytes JMP 7144000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\SHELL32.dll!ShellExecuteEx                                                    0000000075bc748a 6 bytes JMP 7147000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\SHELL32.dll!ShellExecuteA                                                     0000000075bc7525 6 bytes JMP 714d000a
.text     C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe[4968] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIcon                                                  0000000075bc8f9e 6 bytes JMP 70a4000a
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                               00000000765e103d 6 bytes {JMP QWORD [RIP+0x714f001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                               00000000765e1072 6 bytes {JMP QWORD [RIP+0x7152001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!GetProcAddress                                                               00000000765e1222 6 bytes JMP 710f000a
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!WriteFile                                                                    00000000765e1282 6 bytes {JMP QWORD [RIP+0x708e001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!WideCharToMultiByte                                                          00000000765e16dd 6 bytes {JMP QWORD [RIP+0x704e001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!VirtualAlloc                                                                 00000000765e1826 6 bytes {JMP QWORD [RIP+0x70cb001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!MultiByteToWideChar                                                          00000000765e18fe 6 bytes {JMP QWORD [RIP+0x7070001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!OpenProcess                                                                  00000000765e1956 6 bytes JMP 7040000a
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!DeviceIoControl                                                              00000000765e31cf 6 bytes {JMP QWORD [RIP+0x709d001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!CreateThread                                                                 00000000765e3475 6 bytes {JMP QWORD [RIP+0x70ce001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!CreateFileW                                                                  00000000765e3efc 6 bytes {JMP QWORD [RIP+0x70d8001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!CreateMutexW                                                                 00000000765e41ec 6 bytes {JMP QWORD [RIP+0x7079001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW                                                             00000000765e41f9 6 bytes {JMP QWORD [RIP+0x7091001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!VirtualProtect                                                               00000000765e42ff 6 bytes {JMP QWORD [RIP+0x70c8001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!LoadLibraryW                                                                 00000000765e48cb 6 bytes JMP 715c000a
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                                               00000000765e48fd 6 bytes {JMP QWORD [RIP+0x716b001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                                                 00000000765e4977 6 bytes {JMP QWORD [RIP+0x715e001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!CreateMutexA                                                                 00000000765e4c0b 6 bytes {JMP QWORD [RIP+0x707c001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!OpenMutexW                                                                   00000000765e50f1 6 bytes {JMP QWORD [RIP+0x7073001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!CreateFileA                                                                  00000000765e5366 6 bytes {JMP QWORD [RIP+0x70d5001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!DeleteFileA                                                                  00000000765e53e4 6 bytes {JMP QWORD [RIP+0x7061001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!LoadResource                                                                 00000000765e58ec 6 bytes {JMP QWORD [RIP+0x70b3001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!TerminateThread                                                              00000000765e79cf 6 bytes {JMP QWORD [RIP+0x7135001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!DeleteFileW                                                                  00000000765e8953 6 bytes {JMP QWORD [RIP+0x705e001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!MoveFileW                                                                    00000000765f9a90 6 bytes {JMP QWORD [RIP+0x7048001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                                                  00000000765f9acd 6 bytes {JMP QWORD [RIP+0x7042001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!GetVolumeInformationW                                                        00000000765fc800 6 bytes {JMP QWORD [RIP+0x7107001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!TerminateProcess                                                             00000000765fd79a 6 bytes {JMP QWORD [RIP+0x7164001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!WriteProcessMemory                                                           00000000765fd978 6 bytes {JMP QWORD [RIP+0x7161001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!OpenMutexA                                                                   00000000765fec07 6 bytes {JMP QWORD [RIP+0x7076001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!CopyFileA                                                                    000000007660587d 6 bytes {JMP QWORD [RIP+0x70b0001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!CopyFileW                                                                    00000000766082a5 6 bytes {JMP QWORD [RIP+0x70ad001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!MoveFileExA                                                                  000000007660cc61 6 bytes {JMP QWORD [RIP+0x7045001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!CreateDirectoryA                                                             000000007660d4c6 6 bytes {JMP QWORD [RIP+0x7094001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!DebugActiveProcess                                                           00000000766580aa 6 bytes {JMP QWORD [RIP+0x7132001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!MoveFileA                                                                    000000007665d8e9 6 bytes {JMP QWORD [RIP+0x704b001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!CopyFileExA                                                                  000000007665ec29 6 bytes {JMP QWORD [RIP+0x70aa001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!WinExec                                                                      0000000076662c51 6 bytes {JMP QWORD [RIP+0x7140001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!CreateRemoteThread                                                           000000007666419b 6 bytes {JMP QWORD [RIP+0x716e001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!VirtualProtectEx                                                             00000000766645ef 6 bytes {JMP QWORD [RIP+0x7122001e]}
.text     C:\Program Files (x86)\ThreatFire\TFTray.exe[4104] C:\Windows\syswow64\kernel32.dll!SetThreadContext                                                             00000000766653c3 6 bytes {JMP QWORD [RIP+0x708b001e]}
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!CreateProcessW         00000000765e103d 6 bytes JMP 7150000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!CreateProcessA         00000000765e1072 6 bytes JMP 7153000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!GetProcAddress         00000000765e1222 6 bytes JMP 710f000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!WriteFile              00000000765e1282 6 bytes JMP 7095000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!WideCharToMultiByte    00000000765e16dd 6 bytes JMP 7055000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!VirtualAlloc           00000000765e1826 6 bytes JMP 70cc000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!MultiByteToWideChar    00000000765e18fe 6 bytes JMP 7077000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!OpenProcess            00000000765e1956 6 bytes JMP 7046000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!DeviceIoControl        00000000765e31cf 6 bytes JMP 709e000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!CreateThread           00000000765e3475 6 bytes JMP 70cf000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!CreateFileW            00000000765e3efc 6 bytes JMP 70d9000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!CreateMutexW           00000000765e41ec 6 bytes JMP 7080000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW       00000000765e41f9 6 bytes JMP 7098000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!VirtualProtect         00000000765e42ff 6 bytes JMP 70c9000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!LoadLibraryW           00000000765e48cb 6 bytes JMP 715c000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW         00000000765e48fd 6 bytes JMP 716c000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!LoadLibraryA           00000000765e4977 6 bytes JMP 715f000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!CreateMutexA           00000000765e4c0b 6 bytes JMP 7083000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!OpenMutexW             00000000765e50f1 6 bytes JMP 707a000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!CreateFileA            00000000765e5366 6 bytes JMP 70d6000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!DeleteFileA            00000000765e53e4 6 bytes JMP 7068000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!LoadResource           00000000765e58ec 6 bytes JMP 70b4000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!TerminateThread        00000000765e79cf 6 bytes JMP 7136000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!DeleteFileW            00000000765e8953 6 bytes JMP 7065000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!MoveFileW              00000000765f9a90 6 bytes JMP 704f000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!MoveFileExW            00000000765f9acd 6 bytes JMP 7049000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!GetVolumeInformationW  00000000765fc800 6 bytes JMP 7108000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!TerminateProcess       00000000765fd79a 6 bytes JMP 7165000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!WriteProcessMemory     00000000765fd978 6 bytes JMP 7162000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!OpenMutexA             00000000765fec07 6 bytes JMP 707d000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!CopyFileA              000000007660587d 6 bytes JMP 70b1000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!CopyFileW              00000000766082a5 6 bytes JMP 70ae000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!MoveFileExA            000000007660cc61 6 bytes JMP 704c000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!CreateDirectoryA       000000007660d4c6 6 bytes JMP 709b000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!DebugActiveProcess     00000000766580aa 6 bytes JMP 7133000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!MoveFileA              000000007665d8e9 6 bytes JMP 7052000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!CopyFileExA            000000007665ec29 6 bytes JMP 70ab000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!WinExec                0000000076662c51 6 bytes JMP 7141000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!CreateRemoteThread     000000007666419b 6 bytes JMP 716f000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!VirtualProtectEx       00000000766645ef 6 bytes JMP 7123000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\kernel32.dll!SetThreadContext       00000000766653c3 6 bytes JMP 7092000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\USER32.dll!CreateWindowExW          0000000076f98a29 6 bytes JMP 706b000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\USER32.dll!CreateWindowExA          0000000076f9d22e 6 bytes JMP 706e000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\USER32.dll!SetWinEventHook          0000000076f9ee09 6 bytes JMP 7116000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\USER32.dll!SetWindowTextW           0000000076fa20ec 6 bytes JMP 7058000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\USER32.dll!DrawTextW                0000000076fa25cf 6 bytes JMP 7071000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\USER32.dll!GetKeyState              0000000076fa291f 6 bytes JMP 7130000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW        0000000076fa7603 6 bytes JMP 7156000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\USER32.dll!SetWindowTextA           0000000076fa7aee 6 bytes JMP 705b000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA        0000000076fa835c 6 bytes JMP 7159000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\USER32.dll!DrawTextA                0000000076faaea1 6 bytes JMP 7074000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState         0000000076fbeb96 6 bytes JMP 712d000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\USER32.dll!DdeConnect               0000000076fdeb7f 6 bytes JMP 7126000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerW         00000000754aca64 6 bytes JMP 70c3000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyA            00000000754acc15 6 bytes JMP 70f9000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyA          00000000754acd01 6 bytes JMP 70ff000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExA        00000000754b1469 6 bytes JMP 7105000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA         00000000754b14b3 4 bytes JMP 70ed000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA + 5     00000000754b14b8 1 byte [70]
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW         00000000754b14d6 6 bytes JMP 70ea000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyW          00000000754b1514 6 bytes JMP 70fc000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyW            00000000754b2459 6 bytes JMP 70f6000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA         00000000754b2bd8 6 bytes JMP 70c6000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueA  00000000754b404a 6 bytes JMP 708c000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExW        00000000754b40fe 6 bytes JMP 7102000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\ADVAPI32.dll!AdjustTokenPrivileges  00000000754b418e 6 bytes JMP 7086000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueW  00000000754b41b3 6 bytes JMP 7089000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\ADVAPI32.dll!OpenProcessToken       00000000754b4304 6 bytes JMP 708f000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExW          00000000754b468d 6 bytes JMP 70f0000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExW       00000000754b46ad 6 bytes JMP 70dc000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExA       00000000754b48ef 6 bytes JMP 70df000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA          00000000754b4907 6 bytes JMP 70f3000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW         00000000754c712c 6 bytes JMP 7119000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\ADVAPI32.dll!RegDeleteKeyA          00000000754ca8b7 6 bytes JMP 7062000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA         00000000754e3158 6 bytes JMP 711c000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\SHELL32.dll!ShellExecuteW           0000000075993c31 6 bytes JMP 714a000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW       00000000759a0171 6 bytes JMP 70a1000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW         00000000759a1df6 6 bytes JMP 7144000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\SHELL32.dll!ShellExecuteEx          0000000075bc748a 6 bytes JMP 7147000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\SHELL32.dll!ShellExecuteA           0000000075bc7525 6 bytes JMP 714d000a
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4720] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIcon        0000000075bc8f9e 6 bytes JMP 70a4000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                             00000000765e103d 6 bytes JMP 7150000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                             00000000765e1072 6 bytes JMP 7153000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!GetProcAddress                                             00000000765e1222 6 bytes JMP 710f000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!WriteFile                                                  00000000765e1282 6 bytes JMP 7095000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!WideCharToMultiByte                                        00000000765e16dd 6 bytes JMP 7055000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!VirtualAlloc                                               00000000765e1826 6 bytes JMP 70cc000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!MultiByteToWideChar                                        00000000765e18fe 6 bytes JMP 7077000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!OpenProcess                                                00000000765e1956 6 bytes JMP 7046000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!DeviceIoControl                                            00000000765e31cf 6 bytes JMP 709e000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!CreateThread                                               00000000765e3475 6 bytes JMP 70cf000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!CreateFileW                                                00000000765e3efc 6 bytes JMP 70d9000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!CreateMutexW                                               00000000765e41ec 6 bytes JMP 7080000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW                                           00000000765e41f9 6 bytes JMP 7098000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!VirtualProtect                                             00000000765e42ff 6 bytes JMP 70c9000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!LoadLibraryW                                               00000000765e48cb 6 bytes JMP 715c000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                             00000000765e48fd 6 bytes JMP 716c000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                               00000000765e4977 6 bytes JMP 715f000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!CreateMutexA                                               00000000765e4c0b 6 bytes JMP 7083000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!OpenMutexW                                                 00000000765e50f1 6 bytes JMP 707a000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!CreateFileA                                                00000000765e5366 6 bytes JMP 70d6000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!DeleteFileA                                                00000000765e53e4 6 bytes JMP 7068000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!LoadResource                                               00000000765e58ec 6 bytes JMP 70b4000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!TerminateThread                                            00000000765e79cf 6 bytes JMP 7136000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!DeleteFileW                                                00000000765e8953 6 bytes JMP 7065000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!MoveFileW                                                  00000000765f9a90 6 bytes JMP 704f000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                                00000000765f9acd 6 bytes JMP 7049000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!GetVolumeInformationW                                      00000000765fc800 6 bytes JMP 7108000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!TerminateProcess                                           00000000765fd79a 6 bytes JMP 7165000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!WriteProcessMemory                                         00000000765fd978 6 bytes JMP 7162000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!OpenMutexA                                                 00000000765fec07 6 bytes JMP 707d000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!CopyFileA                                                  000000007660587d 6 bytes JMP 70b1000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!CopyFileW                                                  00000000766082a5 6 bytes JMP 70ae000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!MoveFileExA                                                000000007660cc61 6 bytes JMP 704c000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!CreateDirectoryA                                           000000007660d4c6 6 bytes JMP 709b000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!DebugActiveProcess                                         00000000766580aa 6 bytes JMP 7133000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!MoveFileA                                                  000000007665d8e9 6 bytes JMP 7052000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!CopyFileExA                                                000000007665ec29 6 bytes JMP 70ab000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!WinExec                                                    0000000076662c51 6 bytes JMP 7141000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!CreateRemoteThread                                         000000007666419b 6 bytes JMP 716f000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!VirtualProtectEx                                           00000000766645ef 6 bytes JMP 7123000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\kernel32.dll!SetThreadContext                                           00000000766653c3 6 bytes JMP 7092000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                              0000000076f98a29 6 bytes JMP 706b000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                              0000000076f9d22e 6 bytes JMP 706e000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                              0000000076f9ee09 6 bytes JMP 7116000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\USER32.dll!SetWindowTextW                                               0000000076fa20ec 6 bytes JMP 7058000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\USER32.dll!DrawTextW                                                    0000000076fa25cf 6 bytes JMP 7071000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\USER32.dll!GetKeyState                                                  0000000076fa291f 6 bytes JMP 7130000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                            0000000076fa7603 6 bytes JMP 7156000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\USER32.dll!SetWindowTextA                                               0000000076fa7aee 6 bytes JMP 705b000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                            0000000076fa835c 6 bytes JMP 7159000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\USER32.dll!DrawTextA                                                    0000000076faaea1 6 bytes JMP 7074000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                             0000000076fbeb96 6 bytes JMP 712d000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\USER32.dll!DdeConnect                                                   0000000076fdeb7f 6 bytes JMP 7126000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerW                                             00000000754aca64 6 bytes JMP 70c3000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyA                                                00000000754acc15 6 bytes JMP 70f9000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyA                                              00000000754acd01 6 bytes JMP 70ff000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExA                                            00000000754b1469 6 bytes JMP 7105000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA                                             00000000754b14b3 4 bytes JMP 70ed000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA + 5                                         00000000754b14b8 1 byte [70]
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW                                             00000000754b14d6 6 bytes JMP 70ea000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyW                                              00000000754b1514 6 bytes JMP 70fc000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyW                                                00000000754b2459 6 bytes JMP 70f6000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA                                             00000000754b2bd8 6 bytes JMP 70c6000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueA                                      00000000754b404a 6 bytes JMP 708c000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExW                                            00000000754b40fe 6 bytes JMP 7102000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\ADVAPI32.dll!AdjustTokenPrivileges                                      00000000754b418e 6 bytes JMP 7086000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueW                                      00000000754b41b3 6 bytes JMP 7089000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\ADVAPI32.dll!OpenProcessToken                                           00000000754b4304 6 bytes JMP 708f000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExW                                              00000000754b468d 6 bytes JMP 70f0000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExW                                           00000000754b46ad 6 bytes JMP 70dc000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExA                                           00000000754b48ef 6 bytes JMP 70df000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA                                              00000000754b4907 6 bytes JMP 70f3000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                             00000000754c712c 6 bytes JMP 7119000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\ADVAPI32.dll!RegDeleteKeyA                                              00000000754ca8b7 6 bytes JMP 7062000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                             00000000754e3158 6 bytes JMP 711c000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\SHELL32.dll!ShellExecuteW                                               0000000075993c31 6 bytes JMP 714a000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW                                           00000000759a0171 6 bytes JMP 70a1000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW                                             00000000759a1df6 6 bytes JMP 7144000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\SHELL32.dll!ShellExecuteEx                                              0000000075bc748a 6 bytes JMP 7147000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\SHELL32.dll!ShellExecuteA                                               0000000075bc7525 6 bytes JMP 714d000a
.text     C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4964] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIcon                                            0000000075bc8f9e 6 bytes JMP 70a4000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                           00000000765e103d 6 bytes JMP 7150000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                           00000000765e1072 6 bytes JMP 7153000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!GetProcAddress                                           00000000765e1222 6 bytes JMP 710f000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!WriteFile                                                00000000765e1282 6 bytes JMP 708f000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!WideCharToMultiByte                                      00000000765e16dd 6 bytes JMP 704f000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!VirtualAlloc                                             00000000765e1826 6 bytes JMP 70cc000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!MultiByteToWideChar                                      00000000765e18fe 6 bytes JMP 7071000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!OpenProcess                                              00000000765e1956 6 bytes JMP 7040000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!DeviceIoControl                                          00000000765e31cf 6 bytes JMP 709e000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!CreateThread                                             00000000765e3475 6 bytes JMP 70cf000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!CreateFileW                                              00000000765e3efc 6 bytes JMP 70d9000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!CreateMutexW                                             00000000765e41ec 6 bytes JMP 707a000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW                                         00000000765e41f9 6 bytes JMP 7092000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!VirtualProtect                                           00000000765e42ff 6 bytes JMP 70c9000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!LoadLibraryW                                             00000000765e48cb 6 bytes JMP 715c000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                           00000000765e48fd 6 bytes JMP 716c000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                             00000000765e4977 6 bytes JMP 715f000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!CreateMutexA                                             00000000765e4c0b 6 bytes JMP 707d000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!OpenMutexW                                               00000000765e50f1 6 bytes JMP 7074000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!CreateFileA                                              00000000765e5366 6 bytes JMP 70d6000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!DeleteFileA                                              00000000765e53e4 6 bytes JMP 7062000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!LoadResource                                             00000000765e58ec 6 bytes JMP 70b4000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!TerminateThread                                          00000000765e79cf 6 bytes JMP 7136000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!DeleteFileW                                              00000000765e8953 6 bytes JMP 705f000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!MoveFileW                                                00000000765f9a90 6 bytes JMP 7049000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                              00000000765f9acd 6 bytes JMP 7043000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!GetVolumeInformationW                                    00000000765fc800 6 bytes JMP 7108000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!TerminateProcess                                         00000000765fd79a 6 bytes JMP 7165000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!WriteProcessMemory                                       00000000765fd978 6 bytes JMP 7162000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!OpenMutexA                                               00000000765fec07 6 bytes JMP 7077000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!CopyFileA                                                000000007660587d 6 bytes JMP 70b1000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!CopyFileW                                                00000000766082a5 6 bytes JMP 70ae000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!MoveFileExA                                              000000007660cc61 6 bytes JMP 7046000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!CreateDirectoryA                                         000000007660d4c6 6 bytes JMP 7095000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!DebugActiveProcess                                       00000000766580aa 6 bytes JMP 7133000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!MoveFileA                                                000000007665d8e9 6 bytes JMP 704c000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!CopyFileExA                                              000000007665ec29 6 bytes JMP 70ab000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!WinExec                                                  0000000076662c51 6 bytes JMP 7141000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!CreateRemoteThread                                       000000007666419b 6 bytes JMP 716f000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!VirtualProtectEx                                         00000000766645ef 6 bytes JMP 7123000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\kernel32.dll!SetThreadContext                                         00000000766653c3 6 bytes JMP 708c000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerW                                           00000000754aca64 6 bytes JMP 70c3000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyA                                              00000000754acc15 6 bytes JMP 70f9000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyA                                            00000000754acd01 6 bytes JMP 70ff000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExA                                          00000000754b1469 6 bytes JMP 7105000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA                                           00000000754b14b3 4 bytes JMP 70ed000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA + 5                                       00000000754b14b8 1 byte [70]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW                                           00000000754b14d6 6 bytes JMP 70ea000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyW                                            00000000754b1514 6 bytes JMP 70fc000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyW                                              00000000754b2459 6 bytes JMP 70f6000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA                                           00000000754b2bd8 6 bytes JMP 70c6000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueA                                    00000000754b404a 6 bytes JMP 7086000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExW                                          00000000754b40fe 6 bytes JMP 7102000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\ADVAPI32.dll!AdjustTokenPrivileges                                    00000000754b418e 6 bytes JMP 7080000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueW                                    00000000754b41b3 6 bytes JMP 7083000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\ADVAPI32.dll!OpenProcessToken                                         00000000754b4304 6 bytes JMP 7089000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExW                                            00000000754b468d 6 bytes JMP 70f0000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExW                                         00000000754b46ad 6 bytes JMP 70dc000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExA                                         00000000754b48ef 6 bytes JMP 70df000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA                                            00000000754b4907 6 bytes JMP 70f3000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                           00000000754c712c 6 bytes JMP 7119000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\ADVAPI32.dll!RegDeleteKeyA                                            00000000754ca8b7 6 bytes JMP 705c000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                           00000000754e3158 6 bytes JMP 711c000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                            0000000076f98a29 6 bytes JMP 7065000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                            0000000076f9d22e 6 bytes JMP 7068000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                            0000000076f9ee09 6 bytes JMP 7116000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\USER32.dll!SetWindowTextW                                             0000000076fa20ec 6 bytes JMP 7052000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\USER32.dll!DrawTextW                                                  0000000076fa25cf 6 bytes JMP 706b000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\USER32.dll!GetKeyState                                                0000000076fa291f 6 bytes JMP 7130000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                          0000000076fa7603 6 bytes JMP 7156000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\USER32.dll!SetWindowTextA                                             0000000076fa7aee 6 bytes JMP 7055000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                          0000000076fa835c 6 bytes JMP 7159000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\USER32.dll!DrawTextA                                                  0000000076faaea1 6 bytes JMP 706e000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                           0000000076fbeb96 6 bytes JMP 712d000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\USER32.dll!DdeConnect                                                 0000000076fdeb7f 6 bytes JMP 7126000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\WININET.dll!InternetOpenUrlA                                          000000007714d05f 6 bytes JMP 709b000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\WININET.dll!InternetOpenUrlW                                          000000007714dbf1 6 bytes JMP 7098000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\SHELL32.dll!ShellExecuteW                                             0000000075993c31 6 bytes JMP 714a000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW                                         00000000759a0171 6 bytes JMP 70a1000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW                                           00000000759a1df6 6 bytes JMP 7144000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\SHELL32.dll!ShellExecuteEx                                            0000000075bc748a 6 bytes JMP 7147000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\SHELL32.dll!ShellExecuteA                                             0000000075bc7525 6 bytes JMP 714d000a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5044] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIcon                                          0000000075bc8f9e 6 bytes JMP 70a4000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                00000000765e103d 6 bytes JMP 7150000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                00000000765e1072 6 bytes JMP 7153000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!GetProcAddress                                                                00000000765e1222 6 bytes JMP 710f000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!WriteFile                                                                     00000000765e1282 6 bytes JMP 7095000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!WideCharToMultiByte                                                           00000000765e16dd 6 bytes JMP 7055000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!VirtualAlloc                                                                  00000000765e1826 6 bytes JMP 70cc000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!MultiByteToWideChar                                                           00000000765e18fe 6 bytes JMP 7077000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!OpenProcess                                                                   00000000765e1956 6 bytes JMP 7046000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!DeviceIoControl                                                               00000000765e31cf 6 bytes JMP 709e000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!CreateThread                                                                  00000000765e3475 6 bytes JMP 70cf000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!CreateFileW                                                                   00000000765e3efc 6 bytes JMP 70d9000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!CreateMutexW                                                                  00000000765e41ec 6 bytes JMP 7080000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW                                                              00000000765e41f9 6 bytes JMP 7098000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!VirtualProtect                                                                00000000765e42ff 6 bytes JMP 70c9000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!LoadLibraryW                                                                  00000000765e48cb 6 bytes JMP 715c000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                                                00000000765e48fd 6 bytes JMP 716c000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                                                  00000000765e4977 6 bytes JMP 715f000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!CreateMutexA                                                                  00000000765e4c0b 6 bytes JMP 7083000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!OpenMutexW                                                                    00000000765e50f1 6 bytes JMP 707a000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!CreateFileA                                                                   00000000765e5366 6 bytes JMP 70d6000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!DeleteFileA                                                                   00000000765e53e4 6 bytes JMP 7068000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!LoadResource                                                                  00000000765e58ec 6 bytes JMP 70b4000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!TerminateThread                                                               00000000765e79cf 6 bytes JMP 7136000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!DeleteFileW                                                                   00000000765e8953 6 bytes JMP 7065000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!MoveFileW                                                                     00000000765f9a90 6 bytes JMP 704f000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                                                   00000000765f9acd 6 bytes JMP 7049000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!GetVolumeInformationW                                                         00000000765fc800 6 bytes JMP 7108000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!TerminateProcess                                                              00000000765fd79a 6 bytes JMP 7165000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!WriteProcessMemory                                                            00000000765fd978 6 bytes JMP 7162000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!OpenMutexA                                                                    00000000765fec07 6 bytes JMP 707d000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!CopyFileA                                                                     000000007660587d 6 bytes JMP 70b1000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!CopyFileW                                                                     00000000766082a5 6 bytes JMP 70ae000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!MoveFileExA                                                                   000000007660cc61 6 bytes JMP 704c000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!CreateDirectoryA                                                              000000007660d4c6 6 bytes JMP 709b000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!DebugActiveProcess                                                            00000000766580aa 6 bytes JMP 7133000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!MoveFileA                                                                     000000007665d8e9 6 bytes JMP 7052000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!CopyFileExA                                                                   000000007665ec29 6 bytes JMP 70ab000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!WinExec                                                                       0000000076662c51 6 bytes JMP 7141000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!CreateRemoteThread                                                            000000007666419b 6 bytes JMP 716f000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!VirtualProtectEx                                                              00000000766645ef 6 bytes JMP 7123000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\kernel32.dll!SetThreadContext                                                              00000000766653c3 6 bytes JMP 7092000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                 0000000076f98a29 6 bytes JMP 706b000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                                                 0000000076f9d22e 6 bytes JMP 706e000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                 0000000076f9ee09 6 bytes JMP 7116000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\USER32.dll!SetWindowTextW                                                                  0000000076fa20ec 6 bytes JMP 7058000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\USER32.dll!DrawTextW                                                                       0000000076fa25cf 6 bytes JMP 7071000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                     0000000076fa291f 6 bytes JMP 7130000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                               0000000076fa7603 6 bytes JMP 7156000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\USER32.dll!SetWindowTextA                                                                  0000000076fa7aee 6 bytes JMP 705b000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                               0000000076fa835c 6 bytes JMP 7159000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\USER32.dll!DrawTextA                                                                       0000000076faaea1 6 bytes JMP 7074000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                                0000000076fbeb96 6 bytes JMP 712d000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\USER32.dll!DdeConnect                                                                      0000000076fdeb7f 6 bytes JMP 7126000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerW                                                                00000000754aca64 6 bytes JMP 70c3000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyA                                                                   00000000754acc15 6 bytes JMP 70f9000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyA                                                                 00000000754acd01 6 bytes JMP 70ff000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExA                                                               00000000754b1469 6 bytes JMP 7105000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA                                                                00000000754b14b3 4 bytes JMP 70ed000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA + 5                                                            00000000754b14b8 1 byte [70]
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW                                                                00000000754b14d6 6 bytes JMP 70ea000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyW                                                                 00000000754b1514 6 bytes JMP 70fc000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyW                                                                   00000000754b2459 6 bytes JMP 70f6000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA                                                                00000000754b2bd8 6 bytes JMP 70c6000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueA                                                         00000000754b404a 6 bytes JMP 708c000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExW                                                               00000000754b40fe 6 bytes JMP 7102000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\ADVAPI32.dll!AdjustTokenPrivileges                                                         00000000754b418e 6 bytes JMP 7086000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueW                                                         00000000754b41b3 6 bytes JMP 7089000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\ADVAPI32.dll!OpenProcessToken                                                              00000000754b4304 6 bytes JMP 708f000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExW                                                                 00000000754b468d 6 bytes JMP 70f0000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExW                                                              00000000754b46ad 6 bytes JMP 70dc000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExA                                                              00000000754b48ef 6 bytes JMP 70df000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA                                                                 00000000754b4907 6 bytes JMP 70f3000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                                00000000754c712c 6 bytes JMP 7119000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\ADVAPI32.dll!RegDeleteKeyA                                                                 00000000754ca8b7 6 bytes JMP 7062000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                                00000000754e3158 6 bytes JMP 711c000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\SHELL32.dll!ShellExecuteW                                                                  0000000075993c31 6 bytes JMP 714a000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW                                                              00000000759a0171 6 bytes JMP 70a1000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW                                                                00000000759a1df6 6 bytes JMP 7144000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\SHELL32.dll!ShellExecuteEx                                                                 0000000075bc748a 6 bytes JMP 7147000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\SHELL32.dll!ShellExecuteA                                                                  0000000075bc7525 6 bytes JMP 714d000a
.text     C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[1652] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIcon                                                               0000000075bc8f9e 6 bytes JMP 70a4000a

littleant · 20.09.2013, 17:35

Gmer Teil 3 - Edit: Doppelpost

littleant · 20.09.2013, 17:39

Gmer letzter Teil:

Code:

ATTFilter

.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                   00000000765e103d 6 bytes JMP 7150000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                   00000000765e1072 6 bytes JMP 7153000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!GetProcAddress                                                                   00000000765e1222 6 bytes JMP 710f000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!WriteFile                                                                        00000000765e1282 6 bytes JMP 7095000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!WideCharToMultiByte                                                              00000000765e16dd 6 bytes JMP 7055000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!VirtualAlloc                                                                     00000000765e1826 6 bytes JMP 70cc000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!MultiByteToWideChar                                                              00000000765e18fe 6 bytes JMP 7077000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!OpenProcess                                                                      00000000765e1956 6 bytes JMP 7046000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!DeviceIoControl                                                                  00000000765e31cf 6 bytes JMP 709e000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!CreateThread                                                                     00000000765e3475 6 bytes JMP 70cf000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!CreateFileW                                                                      00000000765e3efc 6 bytes JMP 70d9000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!CreateMutexW                                                                     00000000765e41ec 6 bytes JMP 7080000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW                                                                 00000000765e41f9 6 bytes JMP 7098000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!VirtualProtect                                                                   00000000765e42ff 6 bytes JMP 70c9000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!LoadLibraryW                                                                     00000000765e48cb 6 bytes JMP 715c000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                                                   00000000765e48fd 6 bytes JMP 716c000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                                                     00000000765e4977 6 bytes JMP 715f000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!CreateMutexA                                                                     00000000765e4c0b 6 bytes JMP 7083000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!OpenMutexW                                                                       00000000765e50f1 6 bytes JMP 707a000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!CreateFileA                                                                      00000000765e5366 6 bytes JMP 70d6000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!DeleteFileA                                                                      00000000765e53e4 6 bytes JMP 7068000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!LoadResource                                                                     00000000765e58ec 6 bytes JMP 70b4000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!TerminateThread                                                                  00000000765e79cf 6 bytes JMP 7136000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!DeleteFileW                                                                      00000000765e8953 6 bytes JMP 7065000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!MoveFileW                                                                        00000000765f9a90 6 bytes JMP 704f000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                                                      00000000765f9acd 6 bytes JMP 7049000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!GetVolumeInformationW                                                            00000000765fc800 6 bytes JMP 7108000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!TerminateProcess                                                                 00000000765fd79a 6 bytes JMP 7165000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!WriteProcessMemory                                                               00000000765fd978 6 bytes JMP 7162000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!OpenMutexA                                                                       00000000765fec07 6 bytes JMP 707d000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!CopyFileA                                                                        000000007660587d 6 bytes JMP 70b1000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!CopyFileW                                                                        00000000766082a5 6 bytes JMP 70ae000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!MoveFileExA                                                                      000000007660cc61 6 bytes JMP 704c000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!CreateDirectoryA                                                                 000000007660d4c6 6 bytes JMP 709b000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!DebugActiveProcess                                                               00000000766580aa 6 bytes JMP 7133000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!MoveFileA                                                                        000000007665d8e9 6 bytes JMP 7052000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!CopyFileExA                                                                      000000007665ec29 6 bytes JMP 70ab000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!WinExec                                                                          0000000076662c51 6 bytes JMP 7141000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!CreateRemoteThread                                                               000000007666419b 6 bytes JMP 716f000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!VirtualProtectEx                                                                 00000000766645ef 6 bytes JMP 7123000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\kernel32.dll!SetThreadContext                                                                 00000000766653c3 6 bytes JMP 7092000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerW                                                                   00000000754aca64 6 bytes JMP 70c3000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyA                                                                      00000000754acc15 6 bytes JMP 70f9000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyA                                                                    00000000754acd01 6 bytes JMP 70ff000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExA                                                                  00000000754b1469 6 bytes JMP 7105000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA                                                                   00000000754b14b3 4 bytes JMP 70ed000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA + 5                                                               00000000754b14b8 1 byte [70]
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW                                                                   00000000754b14d6 6 bytes JMP 70ea000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyW                                                                    00000000754b1514 6 bytes JMP 70fc000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyW                                                                      00000000754b2459 6 bytes JMP 70f6000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA                                                                   00000000754b2bd8 6 bytes JMP 70c6000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueA                                                            00000000754b404a 6 bytes JMP 708c000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExW                                                                  00000000754b40fe 6 bytes JMP 7102000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\ADVAPI32.dll!AdjustTokenPrivileges                                                            00000000754b418e 6 bytes JMP 7086000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueW                                                            00000000754b41b3 6 bytes JMP 7089000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\ADVAPI32.dll!OpenProcessToken                                                                 00000000754b4304 6 bytes JMP 708f000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExW                                                                    00000000754b468d 6 bytes JMP 70f0000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExW                                                                 00000000754b46ad 6 bytes JMP 70dc000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExA                                                                 00000000754b48ef 6 bytes JMP 70df000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA                                                                    00000000754b4907 6 bytes JMP 70f3000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                                   00000000754c712c 6 bytes JMP 7119000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\ADVAPI32.dll!RegDeleteKeyA                                                                    00000000754ca8b7 6 bytes JMP 7062000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                                   00000000754e3158 6 bytes JMP 711c000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                    0000000076f98a29 6 bytes JMP 706b000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                                                    0000000076f9d22e 6 bytes JMP 706e000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                    0000000076f9ee09 6 bytes JMP 7116000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\USER32.dll!SetWindowTextW                                                                     0000000076fa20ec 6 bytes JMP 7058000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\USER32.dll!DrawTextW                                                                          0000000076fa25cf 6 bytes JMP 7071000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                        0000000076fa291f 6 bytes JMP 7130000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                  0000000076fa7603 6 bytes JMP 7156000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\USER32.dll!SetWindowTextA                                                                     0000000076fa7aee 6 bytes JMP 705b000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                  0000000076fa835c 6 bytes JMP 7159000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\USER32.dll!DrawTextA                                                                          0000000076faaea1 6 bytes JMP 7074000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                                   0000000076fbeb96 6 bytes JMP 712d000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\USER32.dll!DdeConnect                                                                         0000000076fdeb7f 6 bytes JMP 7126000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\SHELL32.dll!ShellExecuteW                                                                     0000000075993c31 6 bytes JMP 714a000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW                                                                 00000000759a0171 6 bytes JMP 70a1000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW                                                                   00000000759a1df6 6 bytes JMP 7144000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\SHELL32.dll!ShellExecuteEx                                                                    0000000075bc748a 6 bytes JMP 7147000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\SHELL32.dll!ShellExecuteA                                                                     0000000075bc7525 6 bytes JMP 714d000a
.text     C:\Program Files\iTunes\iTunesHelper.exe[4672] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIcon                                                                  0000000075bc8f9e 6 bytes JMP 70a4000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint                                         00000000778f000c 1 byte [C3]
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin                                    000000007797f8ea 5 bytes JMP 000000017792d5c1
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                     00000000765e103d 6 bytes JMP 7150000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                     00000000765e1072 6 bytes JMP 7153000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!GetProcAddress                                     00000000765e1222 6 bytes JMP 710f000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!WriteFile                                          00000000765e1282 6 bytes JMP 7095000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!WideCharToMultiByte                                00000000765e16dd 6 bytes JMP 7055000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!VirtualAlloc                                       00000000765e1826 6 bytes JMP 70cc000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!MultiByteToWideChar                                00000000765e18fe 6 bytes JMP 7077000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!OpenProcess                                        00000000765e1956 6 bytes JMP 7046000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!DeviceIoControl                                    00000000765e31cf 6 bytes JMP 709e000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!CreateThread                                       00000000765e3475 6 bytes JMP 70cf000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!CreateFileW                                        00000000765e3efc 6 bytes JMP 70d9000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!CreateMutexW                                       00000000765e41ec 6 bytes JMP 7080000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW                                   00000000765e41f9 6 bytes JMP 7098000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!VirtualProtect                                     00000000765e42ff 6 bytes JMP 70c9000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!LoadLibraryW                                       00000000765e48cb 6 bytes JMP 715c000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                     00000000765e48fd 6 bytes JMP 716c000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                       00000000765e4977 6 bytes JMP 715f000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!CreateMutexA                                       00000000765e4c0b 6 bytes JMP 7083000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!OpenMutexW                                         00000000765e50f1 6 bytes JMP 707a000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!CreateFileA                                        00000000765e5366 6 bytes JMP 70d6000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!DeleteFileA                                        00000000765e53e4 6 bytes JMP 7068000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!LoadResource                                       00000000765e58ec 6 bytes JMP 70b4000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!TerminateThread                                    00000000765e79cf 6 bytes JMP 7136000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!DeleteFileW                                        00000000765e8953 6 bytes JMP 7065000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!MoveFileW                                          00000000765f9a90 6 bytes JMP 704f000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                        00000000765f9acd 6 bytes JMP 7049000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!GetVolumeInformationW                              00000000765fc800 6 bytes JMP 7108000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!TerminateProcess                                   00000000765fd79a 6 bytes JMP 7165000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!WriteProcessMemory                                 00000000765fd978 6 bytes JMP 7162000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!OpenMutexA                                         00000000765fec07 6 bytes JMP 707d000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!CopyFileA                                          000000007660587d 6 bytes JMP 70b1000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!CopyFileW                                          00000000766082a5 6 bytes JMP 70ae000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!MoveFileExA                                        000000007660cc61 6 bytes JMP 704c000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!CreateDirectoryA                                   000000007660d4c6 6 bytes JMP 709b000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!DebugActiveProcess                                 00000000766580aa 6 bytes JMP 7133000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!MoveFileA                                          000000007665d8e9 6 bytes JMP 7052000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!CopyFileExA                                        000000007665ec29 6 bytes JMP 70ab000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!WinExec                                            0000000076662c51 6 bytes JMP 7141000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!CreateRemoteThread                                 000000007666419b 6 bytes JMP 716f000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!VirtualProtectEx                                   00000000766645ef 6 bytes JMP 7123000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\kernel32.dll!SetThreadContext                                   00000000766653c3 6 bytes JMP 7092000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerW                                     00000000754aca64 6 bytes JMP 70c3000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyA                                        00000000754acc15 6 bytes JMP 70f9000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyA                                      00000000754acd01 6 bytes JMP 70ff000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExA                                    00000000754b1469 6 bytes JMP 7105000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA                                     00000000754b14b3 4 bytes JMP 70ed000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA + 5                                 00000000754b14b8 1 byte [70]
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW                                     00000000754b14d6 6 bytes JMP 70ea000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyW                                      00000000754b1514 6 bytes JMP 70fc000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyW                                        00000000754b2459 6 bytes JMP 70f6000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA                                     00000000754b2bd8 6 bytes JMP 70c6000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueA                              00000000754b404a 6 bytes JMP 708c000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExW                                    00000000754b40fe 6 bytes JMP 7102000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!AdjustTokenPrivileges                              00000000754b418e 6 bytes JMP 7086000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueW                              00000000754b41b3 6 bytes JMP 7089000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!OpenProcessToken                                   00000000754b4304 6 bytes JMP 708f000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExW                                      00000000754b468d 6 bytes JMP 70f0000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExW                                   00000000754b46ad 6 bytes JMP 70dc000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExA                                   00000000754b48ef 6 bytes JMP 70df000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA                                      00000000754b4907 6 bytes JMP 70f3000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                     00000000754c712c 6 bytes JMP 7119000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!RegDeleteKeyA                                      00000000754ca8b7 6 bytes JMP 7062000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                     00000000754e3158 6 bytes JMP 711c000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                      0000000076f98a29 6 bytes JMP 706b000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                      0000000076f9d22e 6 bytes JMP 706e000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                      0000000076f9ee09 6 bytes JMP 7116000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\USER32.dll!SetWindowTextW                                       0000000076fa20ec 6 bytes JMP 7058000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\USER32.dll!DrawTextW                                            0000000076fa25cf 6 bytes JMP 7071000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\USER32.dll!GetKeyState                                          0000000076fa291f 6 bytes JMP 7130000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                    0000000076fa7603 6 bytes JMP 7156000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\USER32.dll!SetWindowTextA                                       0000000076fa7aee 6 bytes JMP 705b000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                    0000000076fa835c 6 bytes JMP 7159000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\USER32.dll!DrawTextA                                            0000000076faaea1 6 bytes JMP 7074000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                     0000000076fbeb96 6 bytes JMP 712d000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\USER32.dll!DdeConnect                                           0000000076fdeb7f 6 bytes JMP 7126000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\SHELL32.dll!ShellExecuteW                                       0000000075993c31 6 bytes JMP 714a000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW                                   00000000759a0171 6 bytes JMP 70a1000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW                                     00000000759a1df6 6 bytes JMP 7144000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\SHELL32.dll!ShellExecuteEx                                      0000000075bc748a 6 bytes JMP 7147000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\SHELL32.dll!ShellExecuteA                                       0000000075bc7525 6 bytes JMP 714d000a
.text     C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe[5908] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIcon                                    0000000075bc8f9e 6 bytes JMP 70a4000a
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!CreateProcessW                          00000000765e103d 6 bytes {JMP QWORD [RIP+0x714f001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!CreateProcessA                          00000000765e1072 6 bytes {JMP QWORD [RIP+0x7152001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!GetProcAddress                          00000000765e1222 6 bytes JMP 710f000a
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!WriteFile                               00000000765e1282 6 bytes JMP 7095000a
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!WideCharToMultiByte                     00000000765e16dd 6 bytes JMP 7055000a
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!VirtualAlloc                            00000000765e1826 6 bytes {JMP QWORD [RIP+0x70cb001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!MultiByteToWideChar                     00000000765e18fe 6 bytes JMP 7077000a
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!OpenProcess                             00000000765e1956 6 bytes {JMP QWORD [RIP+0x7045001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!DeviceIoControl                         00000000765e31cf 6 bytes {JMP QWORD [RIP+0x709d001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!CreateThread                            00000000765e3475 6 bytes {JMP QWORD [RIP+0x70ce001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!CreateFileW                             00000000765e3efc 6 bytes JMP 70d9000a
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!CreateMutexW                            00000000765e41ec 6 bytes JMP 7080000a
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW                        00000000765e41f9 6 bytes JMP 7098000a
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!VirtualProtect                          00000000765e42ff 6 bytes {JMP QWORD [RIP+0x70c8001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!LoadLibraryW                            00000000765e48cb 6 bytes JMP 715c000a
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                          00000000765e48fd 6 bytes JMP 716c000a
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                            00000000765e4977 6 bytes {JMP QWORD [RIP+0x715e001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!CreateMutexA                            00000000765e4c0b 6 bytes JMP 7083000a
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!OpenMutexW                              00000000765e50f1 6 bytes JMP 707a000a
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!CreateFileA                             00000000765e5366 6 bytes {JMP QWORD [RIP+0x70d5001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!DeleteFileA                             00000000765e53e4 6 bytes {JMP QWORD [RIP+0x7067001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!LoadResource                            00000000765e58ec 6 bytes JMP 70b4000a
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!TerminateThread                         00000000765e79cf 6 bytes {JMP QWORD [RIP+0x7135001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!DeleteFileW                             00000000765e8953 6 bytes JMP 7065000a
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!MoveFileW                               00000000765f9a90 6 bytes {JMP QWORD [RIP+0x704e001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!MoveFileExW                             00000000765f9acd 6 bytes {JMP QWORD [RIP+0x7048001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!GetVolumeInformationW                   00000000765fc800 6 bytes {JMP QWORD [RIP+0x7107001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!TerminateProcess                        00000000765fd79a 6 bytes {JMP QWORD [RIP+0x7164001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!WriteProcessMemory                      00000000765fd978 6 bytes JMP 7162000a
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!OpenMutexA                              00000000765fec07 6 bytes {JMP QWORD [RIP+0x707c001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!CopyFileA                               000000007660587d 6 bytes {JMP QWORD [RIP+0x70b0001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!CopyFileW                               00000000766082a5 6 bytes JMP 70ae000a
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!MoveFileExA                             000000007660cc61 6 bytes {JMP QWORD [RIP+0x704b001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!CreateDirectoryA                        000000007660d4c6 6 bytes {JMP QWORD [RIP+0x709a001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!DebugActiveProcess                      00000000766580aa 6 bytes {JMP QWORD [RIP+0x7132001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!MoveFileA                               000000007665d8e9 6 bytes {JMP QWORD [RIP+0x7051001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!CopyFileExA                             000000007665ec29 6 bytes {JMP QWORD [RIP+0x70aa001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!WinExec                                 0000000076662c51 6 bytes {JMP QWORD [RIP+0x7140001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!CreateRemoteThread                      000000007666419b 6 bytes {JMP QWORD [RIP+0x716e001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!VirtualProtectEx                        00000000766645ef 6 bytes JMP 7123000a
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\kernel32.dll!SetThreadContext                        00000000766653c3 6 bytes JMP 7092000a
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\USER32.dll!CreateWindowExW                           0000000076f98a29 6 bytes JMP 706b000a
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\USER32.dll!CreateWindowExA                           0000000076f9d22e 6 bytes {JMP QWORD [RIP+0x706d001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\USER32.dll!SetWinEventHook                           0000000076f9ee09 6 bytes JMP 7116000a
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\USER32.dll!SetWindowTextW                            0000000076fa20ec 6 bytes {JMP QWORD [RIP+0x7057001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\USER32.dll!DrawTextW                                 0000000076fa25cf 6 bytes {JMP QWORD [RIP+0x7070001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\USER32.dll!GetKeyState                               0000000076fa291f 6 bytes {JMP QWORD [RIP+0x712f001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                         0000000076fa7603 6 bytes {JMP QWORD [RIP+0x7155001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\USER32.dll!SetWindowTextA                            0000000076fa7aee 6 bytes {JMP QWORD [RIP+0x705a001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                         0000000076fa835c 6 bytes {JMP QWORD [RIP+0x7158001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\USER32.dll!DrawTextA                                 0000000076faaea1 6 bytes {JMP QWORD [RIP+0x7073001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                          0000000076fbeb96 6 bytes {JMP QWORD [RIP+0x712c001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\USER32.dll!DdeConnect                                0000000076fdeb7f 6 bytes {JMP QWORD [RIP+0x7125001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerW                          00000000754aca64 6 bytes {JMP QWORD [RIP+0x70c2001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyA                             00000000754acc15 6 bytes {JMP QWORD [RIP+0x70f8001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyA                           00000000754acd01 6 bytes {JMP QWORD [RIP+0x70fe001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExA                         00000000754b1469 6 bytes JMP 7105000a
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA                          00000000754b14b3 4 bytes [FF, 25, 1E, 00]
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA + 5                      00000000754b14b8 1 byte [70]
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW                          00000000754b14d6 6 bytes {JMP QWORD [RIP+0x70e9001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyW                           00000000754b1514 6 bytes {JMP QWORD [RIP+0x70fb001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyW                             00000000754b2459 6 bytes {JMP QWORD [RIP+0x70f5001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA                          00000000754b2bd8 6 bytes {JMP QWORD [RIP+0x70c5001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueA                   00000000754b404a 6 bytes {JMP QWORD [RIP+0x708b001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExW                         00000000754b40fe 6 bytes {JMP QWORD [RIP+0x7101001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\ADVAPI32.dll!AdjustTokenPrivileges                   00000000754b418e 6 bytes {JMP QWORD [RIP+0x7085001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueW                   00000000754b41b3 6 bytes {JMP QWORD [RIP+0x7088001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\ADVAPI32.dll!OpenProcessToken                        00000000754b4304 6 bytes JMP 708f000a
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExW                           00000000754b468d 6 bytes {JMP QWORD [RIP+0x70ef001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExW                        00000000754b46ad 6 bytes {JMP QWORD [RIP+0x70db001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExA                        00000000754b48ef 6 bytes {JMP QWORD [RIP+0x70de001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA                           00000000754b4907 6 bytes JMP 70f3000a
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                          00000000754c712c 6 bytes {JMP QWORD [RIP+0x7118001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\ADVAPI32.dll!RegDeleteKeyA                           00000000754ca8b7 6 bytes {JMP QWORD [RIP+0x7061001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                          00000000754e3158 6 bytes {JMP QWORD [RIP+0x711b001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\SHELL32.dll!ShellExecuteW                            0000000075993c31 6 bytes {JMP QWORD [RIP+0x7149001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW                        00000000759a0171 6 bytes {JMP QWORD [RIP+0x70a0001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW                          00000000759a1df6 6 bytes {JMP QWORD [RIP+0x7143001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\SHELL32.dll!ShellExecuteEx                           0000000075bc748a 6 bytes {JMP QWORD [RIP+0x7146001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\SHELL32.dll!ShellExecuteA                            0000000075bc7525 6 bytes {JMP QWORD [RIP+0x714c001e]}
.text     C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5352] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIcon                         0000000075bc8f9e 6 bytes JMP 70a4000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                          00000000765e103d 6 bytes JMP 7150000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                          00000000765e1072 6 bytes JMP 7153000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!GetProcAddress                                                          00000000765e1222 6 bytes JMP 710f000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!WriteFile                                                               00000000765e1282 6 bytes JMP 7095000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!WideCharToMultiByte                                                     00000000765e16dd 6 bytes JMP 7055000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!VirtualAlloc                                                            00000000765e1826 6 bytes JMP 70cc000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!MultiByteToWideChar                                                     00000000765e18fe 6 bytes JMP 7077000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!OpenProcess                                                             00000000765e1956 6 bytes JMP 7046000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!DeviceIoControl                                                         00000000765e31cf 6 bytes JMP 709e000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!CreateThread                                                            00000000765e3475 6 bytes JMP 70cf000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!CreateFileW                                                             00000000765e3efc 6 bytes JMP 70d9000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!CreateMutexW                                                            00000000765e41ec 6 bytes JMP 7080000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW                                                        00000000765e41f9 6 bytes JMP 7098000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!VirtualProtect                                                          00000000765e42ff 6 bytes JMP 70c9000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!LoadLibraryW                                                            00000000765e48cb 6 bytes JMP 715c000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                                          00000000765e48fd 6 bytes JMP 716c000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                                            00000000765e4977 6 bytes JMP 715f000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!CreateMutexA                                                            00000000765e4c0b 6 bytes JMP 7083000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!OpenMutexW                                                              00000000765e50f1 6 bytes JMP 707a000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!CreateFileA                                                             00000000765e5366 6 bytes JMP 70d6000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!DeleteFileA                                                             00000000765e53e4 6 bytes JMP 7068000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!LoadResource                                                            00000000765e58ec 6 bytes JMP 70b4000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!TerminateThread                                                         00000000765e79cf 6 bytes JMP 7136000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!DeleteFileW                                                             00000000765e8953 6 bytes JMP 7065000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!MoveFileW                                                               00000000765f9a90 6 bytes JMP 704f000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                                             00000000765f9acd 6 bytes JMP 7049000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!GetVolumeInformationW                                                   00000000765fc800 6 bytes JMP 7108000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!TerminateProcess                                                        00000000765fd79a 6 bytes JMP 7165000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!WriteProcessMemory                                                      00000000765fd978 6 bytes JMP 7162000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!OpenMutexA                                                              00000000765fec07 6 bytes JMP 707d000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!CopyFileA                                                               000000007660587d 6 bytes JMP 70b1000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!CopyFileW                                                               00000000766082a5 6 bytes JMP 70ae000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!MoveFileExA                                                             000000007660cc61 6 bytes JMP 704c000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!CreateDirectoryA                                                        000000007660d4c6 6 bytes JMP 709b000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!DebugActiveProcess                                                      00000000766580aa 6 bytes JMP 7133000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!MoveFileA                                                               000000007665d8e9 6 bytes JMP 7052000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!CopyFileExA                                                             000000007665ec29 6 bytes JMP 70ab000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!WinExec                                                                 0000000076662c51 6 bytes JMP 7141000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!CreateRemoteThread                                                      000000007666419b 6 bytes JMP 716f000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!VirtualProtectEx                                                        00000000766645ef 6 bytes JMP 7123000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\kernel32.dll!SetThreadContext                                                        00000000766653c3 6 bytes JMP 7092000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                           0000000076f98a29 6 bytes JMP 706b000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                                           0000000076f9d22e 6 bytes JMP 706e000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                           0000000076f9ee09 6 bytes JMP 7116000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\USER32.dll!SetWindowTextW                                                            0000000076fa20ec 6 bytes JMP 7058000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\USER32.dll!DrawTextW                                                                 0000000076fa25cf 6 bytes JMP 7071000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\USER32.dll!GetKeyState                                                               0000000076fa291f 6 bytes JMP 7130000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                         0000000076fa7603 6 bytes JMP 7156000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\USER32.dll!SetWindowTextA                                                            0000000076fa7aee 6 bytes JMP 705b000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                         0000000076fa835c 6 bytes JMP 7159000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\USER32.dll!DrawTextA                                                                 0000000076faaea1 6 bytes JMP 7074000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                          0000000076fbeb96 6 bytes JMP 712d000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\USER32.dll!DdeConnect                                                                0000000076fdeb7f 6 bytes JMP 7126000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerW                                                          00000000754aca64 6 bytes JMP 70c3000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyA                                                             00000000754acc15 6 bytes JMP 70f9000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyA                                                           00000000754acd01 6 bytes JMP 70ff000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExA                                                         00000000754b1469 6 bytes JMP 7105000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA                                                          00000000754b14b3 4 bytes JMP 70ed000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExA + 5                                                      00000000754b14b8 1 byte [70]
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW                                                          00000000754b14d6 6 bytes JMP 70ea000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyW                                                           00000000754b1514 6 bytes JMP 70fc000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyW                                                             00000000754b2459 6 bytes JMP 70f6000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA                                                          00000000754b2bd8 6 bytes JMP 70c6000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueA                                                   00000000754b404a 6 bytes JMP 708c000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\ADVAPI32.dll!RegCreateKeyExW                                                         00000000754b40fe 6 bytes JMP 7102000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\ADVAPI32.dll!AdjustTokenPrivileges                                                   00000000754b418e 6 bytes JMP 7086000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\ADVAPI32.dll!LookupPrivilegeValueW                                                   00000000754b41b3 6 bytes JMP 7089000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\ADVAPI32.dll!OpenProcessToken                                                        00000000754b4304 6 bytes JMP 708f000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExW                                                           00000000754b468d 6 bytes JMP 70f0000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExW                                                        00000000754b46ad 6 bytes JMP 70dc000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExA                                                        00000000754b48ef 6 bytes JMP 70df000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA                                                           00000000754b4907 6 bytes JMP 70f3000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                          00000000754c712c 6 bytes JMP 7119000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\ADVAPI32.dll!RegDeleteKeyA                                                           00000000754ca8b7 6 bytes JMP 7062000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                          00000000754e3158 6 bytes JMP 711c000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\SHELL32.dll!ShellExecuteW                                                            0000000075993c31 6 bytes JMP 714a000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW                                                        00000000759a0171 6 bytes JMP 70a1000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW                                                          00000000759a1df6 6 bytes JMP 7144000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\SHELL32.dll!ShellExecuteEx                                                           0000000075bc748a 6 bytes JMP 7147000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\SHELL32.dll!ShellExecuteA                                                            0000000075bc7525 6 bytes JMP 714d000a
.text     C:\Users\Administrator\Desktop\gmer_2.1.19163.exe[5884] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIcon                                                         0000000075bc8f9e 6 bytes JMP 70a4000a

---- EOF - GMER 2.1 ----

Malwarebytes

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.18.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
ant :: ELISE [Administrator]

Schutz: Aktiviert

18.09.2013 14:00:00
mbam-log-2013-09-18 (14-00-00).txt

Art des Suchlaufs: Flash-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Registrierung | Dateisystem | P2P
Durchsuchte Objekte: 228054
Laufzeit: 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
c:\windows\tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Löschen bei Neustart.
c:\windows\tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Löschen bei Neustart.
c:\windows\tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Löschen bei Neustart.

(Ende)

schrauber · 20.09.2013, 21:06

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

littleant · 21.09.2013, 08:04

Vielen Dank für die Unterstützung

Anbei das Combofix Log:

Code:

ATTFilter

ComboFix 13-09-19.01 - Administrator 21.09.2013   8:55.3.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8183.5727 [GMT 2:00]
ausgeführt von:: c:\users\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-08-21 bis 2013-09-21  ))))))))))))))))))))))))))))))
.
.
2018-05-15 07:58 . 2013-04-13 13:04	--------	d-----w-	c:\programdata\regid.1986-12.com.adobe
2014-06-14 08:09 . 2013-06-12 05:31	--------	d-----w-	c:\program files\Common Files\Adobe
2013-12-24 08:31 . 2013-03-01 11:32	--------	d-----w-	c:\program files (x86)\Common Files\PX Storage Engine
2013-12-24 08:31 . 2011-11-03 02:01	56208	------w-	c:\windows\system32\drivers\PxHlpa64.sys
2013-12-24 08:31 . 2009-12-04 08:08	10224	------w-	c:\windows\system32\drivers\cdralw2k.sys
2013-12-24 08:31 . 2009-12-04 08:08	10224	------w-	c:\windows\system32\drivers\cdr4_xp.sys
2013-12-24 08:30 . 2013-08-26 07:49	--------	d-----w-	c:\program files\Adobe
2013-09-21 06:59 . 2013-09-21 06:59	--------	d-----w-	c:\users\Guest\AppData\Local\temp
2013-09-21 06:59 . 2013-09-21 06:59	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-09-21 06:59 . 2013-09-21 06:59	--------	d-----w-	c:\users\ant\AppData\Local\temp
2013-09-21 06:59 . 2013-09-21 06:59	--------	d-----w-	c:\users\Admin\AppData\Local\temp
2013-09-20 14:28 . 2013-09-05 05:32	9694160	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A413DAF0-B197-4160-BC88-11293EC5661D}\mpengine.dll
2013-09-20 13:41 . 2013-09-20 13:41	--------	d-----w-	C:\FRST
2013-09-20 11:20 . 2013-09-20 11:20	--------	d-----w-	c:\users\ant\AppData\Roaming\Curiolab
2013-09-19 09:25 . 2013-09-19 09:25	--------	d-----w-	c:\program files\iPod
2013-09-19 09:25 . 2013-09-19 09:25	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-19 09:25 . 2013-09-19 09:25	--------	d-----w-	c:\program files\iTunes
2013-09-18 14:09 . 2013-09-05 05:32	9694160	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-18 13:46 . 2013-09-20 13:37	--------	d-----w-	c:\users\Administrator
2013-09-18 12:13 . 2013-09-18 12:13	--------	d-----w-	c:\users\Admin\AppData\Local\PFU
2013-09-18 12:13 . 2013-09-18 12:13	--------	d-----w-	c:\users\Admin\AppData\Roaming\PFU
2013-09-18 05:43 . 2013-09-18 05:47	--------	d-----w-	c:\programdata\HitmanPro
2013-09-17 15:49 . 2013-09-17 15:49	--------	d-----w-	c:\users\Admin\AppData\Roaming\Malwarebytes
2013-09-17 06:45 . 2013-09-18 06:01	--------	d-----w-	C:\MGTools
2013-09-17 06:11 . 2013-09-17 06:11	--------	d-----w-	c:\programdata\Simply Super Software
2013-09-16 15:53 . 2013-09-16 15:53	--------	d-----w-	c:\users\ant\AppData\Roaming\Malwarebytes
2013-09-16 15:53 . 2013-09-16 15:53	--------	d-----w-	c:\programdata\Malwarebytes
2013-09-16 15:53 . 2013-09-16 15:53	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-16 15:53 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-09-16 15:52 . 2013-09-16 15:52	--------	d-----w-	c:\users\ant\AppData\Local\Programs
2013-09-13 07:05 . 2013-09-13 10:20	--------	d-----w-	c:\users\ant\AppData\Roaming\gnupg
2013-09-13 07:05 . 2013-09-13 07:05	--------	d-----w-	c:\programdata\GNU
2013-09-13 07:05 . 2013-09-13 07:05	--------	d-----w-	c:\program files (x86)\GNU
2013-09-13 06:34 . 2013-09-13 06:35	--------	d-----w-	c:\program files (x86)\Tor Browser
2013-09-13 05:06 . 2013-07-26 02:24	14172672	----a-w-	c:\windows\system32\shell32.dll
2013-09-13 05:06 . 2013-07-26 02:24	197120	----a-w-	c:\windows\system32\shdocvw.dll
2013-09-06 07:53 . 2013-09-06 07:52	965008	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2BB995B-83F7-4CD3-8B7D-CDB1714C40D9}\gapaengine.dll
2013-09-05 14:04 . 2013-09-05 14:04	209272	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-09-03 13:53 . 2013-09-03 13:53	187248	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-08-26 09:56 . 2013-08-26 09:56	--------	d-----w-	c:\users\ant\AppData\Roaming\Cornelsen Schulverlage
2013-08-26 09:56 . 2013-08-26 09:56	--------	d-----w-	c:\users\ant\AppData\Local\Cornelsen Schulverlage
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 15:07 . 2012-04-20 04:25	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-20 15:07 . 2011-05-20 05:57	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-20 15:07 . 2012-04-20 05:08	3723656	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-09-18 06:01 . 2013-09-18 05:55	232499	----a-w-	C:\MGlogs.zip
2013-09-13 21:41 . 2009-12-22 19:22	79143768	----a-w-	c:\windows\system32\MRT.exe
2013-08-23 06:21 . 2011-03-25 07:14	941720	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-16 11:24 . 2013-08-16 11:24	231376	----a-w-	c:\windows\system32\drivers\truecrypt.sys
2013-08-02 01:48 . 2013-09-13 05:09	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-15 12:46	1888768	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-15 12:46	1620992	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-15 12:48	2048	----a-w-	c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-15 12:48	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-15 12:54	224256	----a-w-	c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-15 12:46	1217024	----a-w-	c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-15 12:54	1472512	----a-w-	c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-15 12:54	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-15 12:54	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-15 12:46	663552	----a-w-	c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-15 12:54	175104	----a-w-	c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-15 12:54	1166848	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-15 12:54	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-15 12:54	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-15 12:46	1910208	----a-w-	c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MRUTray"="c:\program files (x86)\Marvell\raid\tray\MarvellTray.exe" [2009-10-09 741376]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2013-09-05 3478392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2013-08-19 2236816]
"ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-09-17 152392]
.
c:\users\ant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-7-23 1089888]
SpeedFan.lnk - c:\program files (x86)\SpeedFan\speedfan.exe [2009-11-25 4009592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CardMinder Viewer.lnk - c:\program files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe [2013-8-15 77824]
In PDF-Datei mit ScanSnap Organizer konvertieren.lnk - c:\program files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2013-8-15 15360]
QuatoCalibrationLoader.lnk - c:\program files (x86)\Quato\iColorDisplay\QuatoCalibrationLoader.exe [2007-10-1 499712]
ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2013-8-15 1097728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]
R2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe;c:\windows\SysWOW64\XSrvSetup.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 cpuz130;cpuz130;t:\cache\Windows\AppData\Local\Temp\cpuz130\cpuz_x64.sys;t:\cache\Windows\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys;c:\windows\SYSNATIVE\DRIVERS\ENTECH64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PSEXESVC;PsExec;c:\windows\PSEXESVC.EXE;c:\windows\PSEXESVC.EXE [x]
R3 Radio.fx;Radio.fx Server;c:\program files (x86)\Tobit Radio.fx\Server\rfx-server.exe;c:\program files (x86)\Tobit Radio.fx\Server\rfx-server.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 vna_ap;Check Point Virtual Network Adapter - Apollo;c:\windows\system32\DRIVERS\vnaap.sys;c:\windows\SYSNATIVE\DRIVERS\vnaap.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys;c:\windows\SYSNATIVE\DRIVERS\mv91cons.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stcvsm;StorageCraft Volume Snapshot Driver;c:\windows\system32\DRIVERS\stcvsm.sys;c:\windows\SYSNATIVE\DRIVERS\stcvsm.sys [x]
S1 sbmount;StorageCraft Image Mount Driver; [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Marvell RAID;Marvell RAID Event Agent;c:\program files (x86)\Marvell\raid\svc\mvraidsvc.exe;c:\program files (x86)\Marvell\raid\svc\mvraidsvc.exe [x]
S2 MRUWebService;MRU Web Service;c:\program files (x86)\Marvell\raid\Apache2\bin\httpd.exe;c:\program files (x86)\Marvell\raid\Apache2\bin\httpd.exe [x]
S2 ShadowControl ImageManager;ShadowControl ImageManager;c:\program files (x86)\StorageCraft\ImageManager\ImageManager.exe;c:\program files (x86)\StorageCraft\ImageManager\ImageManager.exe [x]
S2 ShadowProtectSvc;ShadowProtect Service;c:\program files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe;c:\program files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe;c:\program files\TightVNC\tvnserver.exe [x]
S2 VSNAPVSS;StorageCraft Shadow Copy Provider;c:\program files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe;c:\program files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-20 12:27	1177552	----a-w-	c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 15:08]
.
2013-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-23 14:51]
.
2013-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-23 14:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2013-08-16 22:32	3357040	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2013-08-16 22:32	3357040	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2013-08-16 22:32	3357040	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-13 472984]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-10-10 2041192]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2012-11-20 1696824]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: {{0221703C-6E84-4915-9960-593A66B3D84E} - c:\program files (x86)\ELOoffice\EloArcConnect.exe
IE: {{39FC0E7F-84EA-4962-AB58-33913BC63CAB} - c:\program files (x86)\ELOoffice\EloInternetExplorer.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\ant\AppData\Roaming\Mozilla\Firefox\Profiles\k8q64fo9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\users\ant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3268095362-1151611467-2216067242-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,3b,1b,29,28,93,
   58,fa,83,43,09,80,a5,48,59,e3,a8,ec,8e
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8a,04,
   69,cf,85,4a,0e,a9,e6,94,9a,f0,9b,6d,5e
"{92EF2EAD-A7CE-4424-B0DB-499CF856608E}"=hex:51,66,7a,6c,4c,1d,3b,1b,bd,33,ff,
   8d,f1,f4,42,0c,af,d6,09,dc,f9,14,20,93
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,3b,1b,55,cd,6c,
   b1,5e,bb,29,00,9d,7e,44,05,ef,54,59,0d
"{CC59E0F9-7E43-44FA-9FAA-8377850BF205}"=hex:51,66,7a,6c,4c,1d,3b,1b,e9,fd,49,
   d3,7c,2d,9c,0c,80,a7,c3,37,84,49,b2,18
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1d,d8,
   c4,7a,f7,3d,0b,a3,79,dc,65,c0,87,c8,b4
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,3b,1b,f7,03,87,
   eb,9f,89,35,08,86,69,26,1d,8f,a4,e0,6a
.
[HKEY_USERS\S-1-5-21-3268095362-1151611467-2216067242-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:f7,56,9b,17,02,b5,ce,01
.
[HKEY_USERS\S-1-5-21-3268095362-1151611467-2216067242-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bf,3e,40,b3,be,4b,6d,44,88,08,5a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bf,3e,40,b3,be,4b,6d,44,88,08,5a,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:72,95,7f,a2,92,27,c7,1a,2b,27,43,dd,ce,d8,38,88,3d,ba,cc,f6,c4,
   e1,f8,7a,86,61,80,b8,6c,2c,f1,0f,e0,61,70,5d,8b,b0,91,c1,17,64,d2,e4,4c,9e,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:72,95,7f,a2,92,27,c7,1a,2b,27,43,dd,ce,d8,38,88,3d,ba,cc,f6,c4,
   e1,f8,7a,86,61,80,b8,6c,2c,f1,0f,e0,61,70,5d,8b,b0,91,c1,17,64,d2,e4,4c,9e,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-09-21  09:01:11
ComboFix-quarantined-files.txt  2013-09-21 07:01
.
Vor Suchlauf: 19 Verzeichnis(se), 30.012.301.312 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 29.938.778.112 Bytes frei
.
- - End Of File - - E0421DEE00DD51D54E81AA4B0231582C
A36C5E4F47E84449FF07ED3517B43A31

schrauber · 21.09.2013, 12:03

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

littleant · 21.09.2013, 12:48

Vielen Dank ! Weiter gehts:

ADWCleaner:

Code:

ATTFilter

# AdwCleaner v3.004 - Bericht erstellt am 21/09/2013 um 13:35:46
# Updated 15/09/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Administrator - ELISE
# Gestartet von : C:\Users\Administrator\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\ant\AppData\Roaming\Mozilla\Firefox\Profiles\k8q64fo9.default\jetpack

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Google Chrome v29.0.1547.76

[ Datei : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1189 octets] - [21/09/2013 13:34:55]
AdwCleaner[S0].txt - [1112 octets] - [21/09/2013 13:35:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1172 octets] ##########

JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Professional x64
Ran by Administrator on 21.09.2013 at 13:38:54,11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.09.2013 at 13:42:09,62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Und ein neues FRST:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2013
Ran by Administrator (administrator) on ELISE on 21-09-2013 13:43:10
Running from C:\Users\Administrator\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brsvc01a.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brss01a.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
() C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
() C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(PFU LIMITED) C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2041192 2012-10-10] ()
HKLM\...\Run: [tvncontrol] - C:\Program Files\TightVNC\tvnserver.exe [1696824 2012-11-20] (GlavSoft LLC.)
HKLM-x32\...\Run: [MRUTray] - C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe [741376 2009-10-09] ()
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [IJNetworkScanUtility] - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [136544 2009-05-19] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-08-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ScanSnap WIA Service Checker] - C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKU\ant\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\ant\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\ant\...\Run: [PrinterProDesktop] - C:\Program Files (x86)\Printer Pro Desktop\PrinterProDesktop.exe [2132992 2012-02-02] ()
HKU\ant\...\Run: [Actions Server] - C:\Program Files (x86)\Usefool\Actions Server\ActionsServer.exe [692224 2013-02-15] (Usefool)
HKU\ant\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\Guest\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Startup: C:\Users\ant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\ant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk
ShortcutTarget: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Free Download Manager Click Catcher Plug-In for Netscape, Opera, Mozilla) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npfdm.dll (FreeDownloadManager.org)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (AdobeExManDetect) - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Harmony Firefox Plugin) - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
CHR Extension: (Google Docs) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.3.37_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx

==================== Services (Whitelisted) =================

R2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-08-20] ()
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [65536 2009-08-06] ()
R2 Marvell RAID; C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [151552 2009-10-05] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MRUWebService; C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [24635 2009-04-09] (Apache Software Foundation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
S3 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3818776 2013-02-22] ()
S4 RetroExpLauncher; C:\Program Files (x86)\Retrospect\Retrospect Express HD 2.0\retrorun.exe [108064 2007-01-22] (EMC Corporation)
R2 ShadowControl ImageManager; C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe [1559336 2012-03-29] (StorageCraft Technology Corporation)
R2 ShadowProtectSvc; C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [4672336 2012-11-08] (StorageCraft Technology Corporation)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [1696824 2012-11-20] (GlavSoft LLC.)
R2 VSNAPVSS; C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe [71976 2012-11-08] (StorageCraft Technology Corporation)
S3 PSEXESVC; %SystemRoot%\PSEXESVC.EXE [x]

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [125512 2010-12-01] (SlySoft, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-03-02] ()
R2 cpuz132; C:\Windows\system32\drivers\cpuz132_x64.sys [19432 2009-03-27] (Windows (R) Codename Longhorn DDK provider)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2007-08-20] (EnTech Taiwan)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2007-08-20] (EnTech Taiwan)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-03-02] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R1 sbmount; C:\Windows\System32\Drivers\sbmount.sys [116008 2012-11-08] (StorageCraft Technology Corporation)
S3 slabbus; C:\Windows\System32\DRIVERS\slabbus.sys [79872 2007-03-01] (MCCI Corporation)
S3 slabser; C:\Windows\System32\DRIVERS\slabser.sys [103936 2007-03-01] (MCCI Corporation)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R0 stcvsm; C:\Windows\System32\DRIVERS\stcvsm.sys [277288 2012-07-03] (StorageCraft Technology Corporation)
R0 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [50768 2010-10-13] (Windows (R) 2000 DDK provider)
R0 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [566864 2010-10-13] (Paragon)
S3 vna_ap; C:\Windows\System32\DRIVERS\vnaap.sys [161256 2010-06-06] (Check Point Software Technologies)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz130; \??\T:\Cache\Windows\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2018-05-15 09:58 - 2013-04-13 15:04 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2014-06-14 10:09 - 2013-06-12 07:31 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-24 10:31 - 2011-11-03 04:01 - 00056208 ____N (Rovi Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys
2013-12-24 10:31 - 2009-12-04 10:08 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys
2013-12-24 10:31 - 2009-12-04 10:08 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys
2013-12-24 10:30 - 2013-08-26 09:49 - 00000000 ____D C:\Program Files\Adobe
2013-09-21 13:38 - 2013-09-21 13:38 - 00000000 ____D C:\Windows\ERUNT
2013-09-21 13:36 - 2013-09-21 13:36 - 00000022 _____ C:\Windows\S.dirmngr
2013-09-21 13:34 - 2013-09-21 13:35 - 00000000 ____D C:\AdwCleaner
2013-09-21 13:32 - 2013-09-21 13:32 - 01029675 _____ (Thisisu) C:\Users\Administrator\Desktop\JRT.exe
2013-09-21 13:31 - 2013-09-21 13:31 - 01039554 _____ C:\Users\Administrator\Desktop\adwcleaner.exe
2013-09-21 13:27 - 2013-09-21 13:27 - 01956670 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2013-09-21 09:01 - 2013-09-21 09:01 - 00028031 _____ C:\ComboFix.txt
2013-09-21 08:43 - 2013-09-21 08:46 - 05128554 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2013-09-20 15:50 - 2013-09-20 15:50 - 00377856 _____ C:\Users\Administrator\Desktop\gmer_2.1.19163.exe
2013-09-20 15:41 - 2013-09-20 15:41 - 00000000 ____D C:\FRST
2013-09-20 15:37 - 2013-09-20 15:37 - 00000488 _____ C:\Windows\SysWOW64\defogger_disable.log
2013-09-20 15:37 - 2013-09-20 15:37 - 00000000 _____ C:\Users\Administrator\defogger_reenable
2013-09-20 13:20 - 2013-09-20 13:20 - 00000000 ____D C:\Users\ant\AppData\Roaming\Curiolab
2013-09-19 11:25 - 2013-09-19 11:25 - 00001713 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-19 11:25 - 2013-09-19 11:25 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-19 11:25 - 2013-09-19 11:25 - 00000000 ____D C:\Program Files\iTunes
2013-09-19 11:25 - 2013-09-19 11:25 - 00000000 ____D C:\Program Files\iPod
2013-09-19 07:50 - 2013-09-19 08:03 - 90013968 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\msert.exe
2013-09-19 07:25 - 2013-09-21 13:35 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Free Download Manager
2013-09-19 07:10 - 2013-09-19 07:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2013-09-19 07:05 - 2013-09-19 07:05 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple
2013-09-19 07:04 - 2013-09-19 07:04 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple Computer
2013-09-18 16:32 - 2013-09-18 16:32 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-09-18 15:53 - 2013-09-18 15:53 - 00000017 _____ C:\Users\Administrator\AppData\Local\resmon.resmoncfg
2013-09-18 15:48 - 2013-09-19 07:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2013-09-18 15:48 - 2013-09-18 15:48 - 00003512 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Elise-Administrator
2013-09-18 15:48 - 2013-09-18 15:48 - 00000000 ____D C:\Users\Administrator\Documents\Simply Super Software
2013-09-18 15:48 - 2013-09-18 15:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\PFU
2013-09-18 15:47 - 2013-09-21 08:59 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2013-09-18 15:47 - 2013-09-19 07:10 - 00002255 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2013-09-18 15:47 - 2013-09-18 17:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-09-18 15:47 - 2013-09-18 15:47 - 00065760 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-18 15:47 - 2013-09-18 15:47 - 00001381 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\PFU
2013-09-18 15:46 - 2013-09-20 15:37 - 00000000 ____D C:\Users\Administrator
2013-09-18 15:46 - 2013-09-18 15:46 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Vorlagen
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Startmenü
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Lokale Einstellungen
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Eigene Dateien
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Anwendungsdaten
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Anwendungsdaten
2013-09-18 15:46 - 2011-05-08 19:27 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2013-09-18 15:46 - 2009-12-25 14:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2013-09-18 15:46 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-09-18 15:46 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-09-18 14:13 - 2013-09-18 14:13 - 00003496 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Elise-Admin
2013-09-18 14:13 - 2013-09-18 14:13 - 00000000 ____D C:\Users\Admin\Documents\Simply Super Software
2013-09-18 14:13 - 2013-09-18 14:13 - 00000000 ____D C:\Users\Admin\AppData\Roaming\PFU
2013-09-18 14:13 - 2013-09-18 14:13 - 00000000 ____D C:\Users\Admin\AppData\Local\PFU
2013-09-18 14:12 - 2013-09-18 14:12 - 00002259 _____ C:\Users\Admin\Desktop\Google Chrome.lnk
2013-09-18 08:38 - 2013-09-21 13:36 - 00001344 _____ C:\Windows\setupact.log
2013-09-18 08:38 - 2013-09-21 09:07 - 00290904 _____ C:\Windows\PFRO.log
2013-09-18 08:38 - 2013-09-18 08:38 - 00000000 _____ C:\Windows\setuperr.log
2013-09-18 08:19 - 2013-09-21 09:01 - 00000000 ____D C:\Qoobox
2013-09-18 08:19 - 2013-09-18 08:40 - 00000000 ____D C:\Windows\erdnt
2013-09-18 08:19 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-18 08:19 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-18 08:19 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-18 08:19 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-18 08:19 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-18 08:19 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-18 08:19 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-18 08:19 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-18 08:17 - 2013-09-20 13:42 - 05128554 ____R (Swearware) C:\Users\ant\Desktop\ComboFix.exe
2013-09-18 07:55 - 2013-09-18 08:01 - 00232499 _____ C:\MGlogs.zip
2013-09-18 07:43 - 2013-09-18 07:47 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-18 07:39 - 2013-09-18 13:59 - 00000000 ____D C:\Users\ant\Desktop\Antivirus
2013-09-18 07:38 - 2013-09-18 07:38 - 00002884 _____ C:\Users\ant\Desktop\RKreport[0]_S_09182013_073830.txt
2013-09-18 07:36 - 2013-09-18 07:40 - 00000000 ____D C:\Users\ant\Desktop\RK_Quarantine
2013-09-17 17:49 - 2013-09-17 17:49 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-09-17 08:45 - 2013-09-18 08:01 - 00000000 ____D C:\MGTools
2013-09-17 08:11 - 2013-09-17 08:11 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-09-16 17:53 - 2013-09-16 17:53 - 00000000 ____D C:\Users\ant\AppData\Roaming\Malwarebytes
2013-09-16 17:53 - 2013-09-16 17:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-16 17:53 - 2013-09-16 17:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-16 17:53 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-13 23:42 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 23:42 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 23:42 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-13 23:42 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 23:42 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 23:42 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 23:42 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 23:42 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 23:42 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 23:42 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 23:42 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-13 23:42 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-13 23:42 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-13 23:42 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-13 23:42 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-13 23:42 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-13 23:42 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 23:42 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-13 23:42 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-13 23:42 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-13 11:59 - 2013-09-13 11:59 - 01176256 _____ C:\Users\ant\Downloads\enigmail-1.5.2-tb+sm.xpi
2013-09-13 09:05 - 2013-09-13 12:20 - 00000000 ____D C:\Users\ant\AppData\Roaming\gnupg
2013-09-13 09:05 - 2013-09-13 09:05 - 00000000 ____D C:\Users\Public\Desktop\Gpg4win Documentation
2013-09-13 09:05 - 2013-09-13 09:05 - 00000000 ____D C:\ProgramData\GNU
2013-09-13 09:05 - 2013-09-13 09:05 - 00000000 ____D C:\Program Files (x86)\GNU
2013-09-13 08:52 - 2013-09-13 08:59 - 29690648 _____ (g10 Code GmbH) C:\Users\ant\Downloads\gpg4win-2.2.0.exe
2013-09-13 08:34 - 2013-09-13 08:35 - 00000000 ____D C:\Program Files (x86)\Tor Browser
2013-09-13 07:09 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 07:09 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-13 07:09 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-13 07:09 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-13 07:09 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-13 07:09 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-13 07:09 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-13 07:09 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-13 07:09 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-13 07:09 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-13 07:09 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-13 07:09 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-13 07:09 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-13 07:09 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-13 07:09 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-13 07:09 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-13 07:09 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-13 07:09 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-13 07:09 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-13 07:09 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-13 07:09 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-13 07:06 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-13 07:06 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-13 07:06 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-13 07:06 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-08-26 11:56 - 2013-08-26 11:56 - 00000000 ____D C:\Users\ant\AppData\Roaming\Cornelsen Schulverlage
2013-08-26 11:56 - 2013-08-26 11:56 - 00000000 ____D C:\Users\ant\AppData\Local\Cornelsen Schulverlage

==================== One Month Modified Files and Folders =======

2013-09-21 13:42 - 2009-07-14 19:58 - 00696832 _____ C:\Windows\system32\perfh007.dat
2013-09-21 13:42 - 2009-07-14 19:58 - 00148128 _____ C:\Windows\system32\perfc007.dat
2013-09-21 13:42 - 2009-07-14 07:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-21 13:38 - 2013-09-21 13:38 - 00000000 ____D C:\Windows\ERUNT
2013-09-21 13:37 - 2012-09-21 12:14 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-21 13:37 - 2009-12-23 07:47 - 00179648 _____ C:\Windows\za_mv_raid.ev
2013-09-21 13:37 - 2009-12-23 07:47 - 00000096 _____ C:\Windows\za_mv_seqnum.ev
2013-09-21 13:36 - 2013-09-21 13:36 - 00000022 _____ C:\Windows\S.dirmngr
2013-09-21 13:36 - 2013-09-18 08:38 - 00001344 _____ C:\Windows\setupact.log
2013-09-21 13:36 - 2013-03-21 08:24 - 00000008 _____ C:\Windows\mvraidver.dat
2013-09-21 13:36 - 2012-08-04 11:03 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-21 13:36 - 2009-12-22 20:39 - 01483440 _____ C:\Windows\WindowsUpdate.log
2013-09-21 13:36 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-21 13:35 - 2013-09-21 13:34 - 00000000 ____D C:\AdwCleaner
2013-09-21 13:35 - 2013-09-19 07:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Free Download Manager
2013-09-21 13:33 - 2009-07-14 06:45 - 00014640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-21 13:33 - 2009-07-14 06:45 - 00014640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-21 13:32 - 2013-09-21 13:32 - 01029675 _____ (Thisisu) C:\Users\Administrator\Desktop\JRT.exe
2013-09-21 13:31 - 2013-09-21 13:31 - 01039554 _____ C:\Users\Administrator\Desktop\adwcleaner.exe
2013-09-21 13:27 - 2013-09-21 13:27 - 01956670 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2013-09-21 13:07 - 2012-04-20 06:25 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-21 12:59 - 2009-12-23 16:51 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-21 12:01 - 2009-12-23 16:54 - 00000000 ____D C:\Users\ant\AppData\Local\Adobe
2013-09-21 11:31 - 2009-12-23 09:47 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-09-21 09:07 - 2013-09-18 08:38 - 00290904 _____ C:\Windows\PFRO.log
2013-09-21 09:01 - 2013-09-21 09:01 - 00028031 _____ C:\ComboFix.txt
2013-09-21 09:01 - 2013-09-18 08:19 - 00000000 ____D C:\Qoobox
2013-09-21 09:00 - 2009-12-22 20:40 - 00000000 ___RD C:\Users\ant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-21 09:00 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-21 08:59 - 2013-09-18 15:47 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2013-09-21 08:46 - 2013-09-21 08:43 - 05128554 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2013-09-21 08:43 - 2010-02-28 18:02 - 00000000 ____D C:\Program Files (x86)\Catan GmbH
2013-09-20 18:42 - 2011-04-17 11:01 - 00000000 ____D C:\Users\ant\AppData\Roaming\Dropbox
2013-09-20 17:08 - 2012-04-20 06:25 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-20 17:07 - 2012-04-20 07:08 - 03723656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-09-20 17:07 - 2012-04-20 06:25 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 17:07 - 2011-05-20 07:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-20 15:50 - 2013-09-20 15:50 - 00377856 _____ C:\Users\Administrator\Desktop\gmer_2.1.19163.exe
2013-09-20 15:41 - 2013-09-20 15:41 - 00000000 ____D C:\FRST
2013-09-20 15:37 - 2013-09-20 15:37 - 00000488 _____ C:\Windows\SysWOW64\defogger_disable.log
2013-09-20 15:37 - 2013-09-20 15:37 - 00000000 _____ C:\Users\Administrator\defogger_reenable
2013-09-20 15:37 - 2013-09-18 15:46 - 00000000 ____D C:\Users\Administrator
2013-09-20 13:42 - 2013-09-18 08:17 - 05128554 ____R (Swearware) C:\Users\ant\Desktop\ComboFix.exe
2013-09-20 13:40 - 2013-05-18 10:16 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-09-20 13:39 - 2010-06-19 10:48 - 00000000 ____D C:\Users\ant\AppData\Roaming\Free Download Manager
2013-09-20 13:20 - 2013-09-20 13:20 - 00000000 ____D C:\Users\ant\AppData\Roaming\Curiolab
2013-09-19 11:25 - 2013-09-19 11:25 - 00001713 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-19 11:25 - 2013-09-19 11:25 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-19 11:25 - 2013-09-19 11:25 - 00000000 ____D C:\Program Files\iTunes
2013-09-19 11:25 - 2013-09-19 11:25 - 00000000 ____D C:\Program Files\iPod
2013-09-19 10:39 - 2009-12-22 20:40 - 00000000 ____D C:\Users\ant
2013-09-19 08:07 - 2009-12-23 06:41 - 00000000 ____D C:\Users\ant\Desktop\Applications
2013-09-19 08:03 - 2013-09-19 07:50 - 90013968 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\msert.exe
2013-09-19 07:10 - 2013-09-19 07:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2013-09-19 07:10 - 2013-09-18 15:47 - 00002255 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2013-09-19 07:05 - 2013-09-19 07:05 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple
2013-09-19 07:04 - 2013-09-19 07:04 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple Computer
2013-09-19 07:04 - 2013-09-18 15:48 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2013-09-18 17:07 - 2013-09-18 15:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-09-18 16:32 - 2013-09-18 16:32 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-09-18 15:53 - 2013-09-18 15:53 - 00000017 _____ C:\Users\Administrator\AppData\Local\resmon.resmoncfg
2013-09-18 15:48 - 2013-09-18 15:48 - 00003512 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Elise-Administrator
2013-09-18 15:48 - 2013-09-18 15:48 - 00000000 ____D C:\Users\Administrator\Documents\Simply Super Software
2013-09-18 15:48 - 2013-09-18 15:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\PFU
2013-09-18 15:47 - 2013-09-18 15:47 - 00065760 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-18 15:47 - 2013-09-18 15:47 - 00001381 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\PFU
2013-09-18 15:46 - 2013-09-18 15:46 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Vorlagen
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Startmenü
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Lokale Einstellungen
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Eigene Dateien
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Anwendungsdaten
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Anwendungsdaten
2013-09-18 14:23 - 2011-06-20 09:21 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2013-09-18 14:13 - 2013-09-18 14:13 - 00003496 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Elise-Admin
2013-09-18 14:13 - 2013-09-18 14:13 - 00000000 ____D C:\Users\Admin\Documents\Simply Super Software
2013-09-18 14:13 - 2013-09-18 14:13 - 00000000 ____D C:\Users\Admin\AppData\Roaming\PFU
2013-09-18 14:13 - 2013-09-18 14:13 - 00000000 ____D C:\Users\Admin\AppData\Local\PFU
2013-09-18 14:13 - 2011-06-20 09:21 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2013-09-18 14:13 - 2011-06-20 09:19 - 00065760 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-18 14:13 - 2011-06-20 09:19 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-18 14:13 - 2011-06-20 09:19 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-18 14:13 - 2011-06-20 09:19 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Apple Computer
2013-09-18 14:12 - 2013-09-18 14:12 - 00002259 _____ C:\Users\Admin\Desktop\Google Chrome.lnk
2013-09-18 14:12 - 2011-06-20 09:19 - 00001385 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-18 14:00 - 2009-12-23 07:13 - 00000000 ____D C:\Users\ant\AppData\Local\Apps\2.0
2013-09-18 13:59 - 2013-09-18 07:39 - 00000000 ____D C:\Users\ant\Desktop\Antivirus
2013-09-18 08:46 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-18 08:40 - 2013-09-18 08:19 - 00000000 ____D C:\Windows\erdnt
2013-09-18 08:38 - 2013-09-18 08:38 - 00000000 _____ C:\Windows\setuperr.log
2013-09-18 08:01 - 2013-09-18 07:55 - 00232499 _____ C:\MGlogs.zip
2013-09-18 08:01 - 2013-09-17 08:45 - 00000000 ____D C:\MGTools
2013-09-18 07:47 - 2013-09-18 07:43 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-18 07:40 - 2013-09-18 07:36 - 00000000 ____D C:\Users\ant\Desktop\RK_Quarantine
2013-09-18 07:38 - 2013-09-18 07:38 - 00002884 _____ C:\Users\ant\Desktop\RKreport[0]_S_09182013_073830.txt
2013-09-18 07:28 - 2010-02-06 13:42 - 00000000 ____D C:\Users\ant\AppData\Roaming\FileZilla
2013-09-18 07:28 - 2009-12-23 06:43 - 00000000 ____D C:\Users\ant\AppData\Roaming\Skype
2013-09-18 07:27 - 2011-01-06 16:14 - 00000000 ___DC C:\Users\ant\AppData\Local\MigWiz
2013-09-18 07:27 - 2009-12-25 12:52 - 00000000 ____D C:\Windows\Minidump
2013-09-18 07:27 - 2009-12-22 20:33 - 00000000 ____D C:\Windows\Panther
2013-09-17 17:49 - 2013-09-17 17:49 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-09-17 08:11 - 2013-09-17 08:11 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-09-16 17:53 - 2013-09-16 17:53 - 00000000 ____D C:\Users\ant\AppData\Roaming\Malwarebytes
2013-09-16 17:53 - 2013-09-16 17:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-16 17:53 - 2013-09-16 17:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-16 17:46 - 2009-12-26 11:14 - 00007626 _____ C:\Users\ant\AppData\Local\resmon.resmoncfg
2013-09-14 14:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-14 11:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-14 09:44 - 2010-01-10 10:51 - 00000000 ____D C:\Program Files (x86)\DirSync
2013-09-14 08:36 - 2009-12-22 20:40 - 00000000 ___RD C:\Users\ant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-14 08:36 - 2009-07-14 06:45 - 04925808 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 23:42 - 2013-08-15 22:34 - 00000000 ____D C:\Windows\system32\MRT
2013-09-13 23:41 - 2009-12-25 13:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 23:41 - 2009-12-22 21:22 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-13 12:20 - 2013-09-13 09:05 - 00000000 ____D C:\Users\ant\AppData\Roaming\gnupg
2013-09-13 11:59 - 2013-09-13 11:59 - 01176256 _____ C:\Users\ant\Downloads\enigmail-1.5.2-tb+sm.xpi
2013-09-13 09:05 - 2013-09-13 09:05 - 00000000 ____D C:\Users\Public\Desktop\Gpg4win Documentation
2013-09-13 09:05 - 2013-09-13 09:05 - 00000000 ____D C:\ProgramData\GNU
2013-09-13 09:05 - 2013-09-13 09:05 - 00000000 ____D C:\Program Files (x86)\GNU
2013-09-13 08:59 - 2013-09-13 08:52 - 29690648 _____ (g10 Code GmbH) C:\Users\ant\Downloads\gpg4win-2.2.0.exe
2013-09-13 08:35 - 2013-09-13 08:34 - 00000000 ____D C:\Program Files (x86)\Tor Browser
2013-09-01 10:29 - 2013-03-01 13:42 - 00000021 _____ C:\Windows\SurCode.INI
2013-09-01 09:11 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-31 15:12 - 2010-10-09 14:49 - 00000000 ____D C:\Program Files (x86)\ELOoffice
2013-08-30 09:25 - 2013-08-07 17:55 - 00001301 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2013-08-26 18:19 - 2011-01-28 08:37 - 00001912 _____ C:\Windows\epplauncher.mif
2013-08-26 18:18 - 2011-01-28 08:37 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-26 18:18 - 2011-01-28 08:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-08-26 11:56 - 2013-08-26 11:56 - 00000000 ____D C:\Users\ant\AppData\Roaming\Cornelsen Schulverlage
2013-08-26 11:56 - 2013-08-26 11:56 - 00000000 ____D C:\Users\ant\AppData\Local\Cornelsen Schulverlage
2013-08-26 09:49 - 2013-12-24 10:30 - 00000000 ____D C:\Program Files\Adobe

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-21 12:06

==================== End Of Log ============================

--- --- ---

schrauber · 21.09.2013, 16:49

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

littleant · 22.09.2013, 13:38

Dankeschön ! Hier die neuen Logs:

Eset:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=48554f2461b29b4fb9067af23fa33227
# engine=15210
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-21 04:17:57
# local_time=2013-09-21 06:17:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 3019900 131410127 0 0
# scanned=196
# found=0
# cleaned=0
# scan_time=6
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=48554f2461b29b4fb9067af23fa33227
# engine=15213
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-22 12:20:21
# local_time=2013-09-22 02:20:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 3092044 131482271 0 0
# scanned=643543
# found=0
# cleaned=0
# scan_time=11065

Securitycheck:

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 21  
 Java version out of Date! 
 Adobe Flash Player 11.8.800.168  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (23.0.1) 
 Mozilla Thunderbird (17.0.6) 
 Google Chrome 29.0.1547.66  
 Google Chrome 29.0.1547.76  
 Google Chrome Plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2013
Ran by Administrator (administrator) on ELISE on 22-09-2013 14:26:26
Running from C:\Users\Administrator\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brsvc01a.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brss01a.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
() C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
() C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(PFU LIMITED) C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(FreeDownloadManager.ORG) C:\Program Files (x86)\Free Download Manager\fdm.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2041192 2012-10-10] ()
HKLM\...\Run: [tvncontrol] - C:\Program Files\TightVNC\tvnserver.exe [1696824 2012-11-20] (GlavSoft LLC.)
HKLM-x32\...\Run: [MRUTray] - C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe [741376 2009-10-09] ()
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [IJNetworkScanUtility] - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [136544 2009-05-19] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-08-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ScanSnap WIA Service Checker] - C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKU\ant\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\ant\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\ant\...\Run: [PrinterProDesktop] - C:\Program Files (x86)\Printer Pro Desktop\PrinterProDesktop.exe [2132992 2012-02-02] ()
HKU\ant\...\Run: [Actions Server] - C:\Program Files (x86)\Usefool\Actions Server\ActionsServer.exe [692224 2013-02-15] (Usefool)
HKU\ant\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\Guest\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Startup: C:\Users\ant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\ant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk
ShortcutTarget: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Free Download Manager Click Catcher Plug-In for Netscape, Opera, Mozilla) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npfdm.dll (FreeDownloadManager.org)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (AdobeExManDetect) - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Harmony Firefox Plugin) - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
CHR Extension: (Google Docs) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.3.37_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx

==================== Services (Whitelisted) =================

R2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-08-20] ()
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [65536 2009-08-06] ()
R2 Marvell RAID; C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [151552 2009-10-05] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MRUWebService; C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [24635 2009-04-09] (Apache Software Foundation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
S3 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3818776 2013-02-22] ()
S4 RetroExpLauncher; C:\Program Files (x86)\Retrospect\Retrospect Express HD 2.0\retrorun.exe [108064 2007-01-22] (EMC Corporation)
R2 ShadowControl ImageManager; C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe [1559336 2012-03-29] (StorageCraft Technology Corporation)
R2 ShadowProtectSvc; C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [4672336 2012-11-08] (StorageCraft Technology Corporation)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [1696824 2012-11-20] (GlavSoft LLC.)
R2 VSNAPVSS; C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe [71976 2012-11-08] (StorageCraft Technology Corporation)
S3 PSEXESVC; %SystemRoot%\PSEXESVC.EXE [x]

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [125512 2010-12-01] (SlySoft, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-03-02] ()
R2 cpuz132; C:\Windows\system32\drivers\cpuz132_x64.sys [19432 2009-03-27] (Windows (R) Codename Longhorn DDK provider)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2007-08-20] (EnTech Taiwan)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2007-08-20] (EnTech Taiwan)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-03-02] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R1 sbmount; C:\Windows\System32\Drivers\sbmount.sys [116008 2012-11-08] (StorageCraft Technology Corporation)
S3 slabbus; C:\Windows\System32\DRIVERS\slabbus.sys [79872 2007-03-01] (MCCI Corporation)
S3 slabser; C:\Windows\System32\DRIVERS\slabser.sys [103936 2007-03-01] (MCCI Corporation)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R0 stcvsm; C:\Windows\System32\DRIVERS\stcvsm.sys [277288 2012-07-03] (StorageCraft Technology Corporation)
R0 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [50768 2010-10-13] (Windows (R) 2000 DDK provider)
R0 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [566864 2010-10-13] (Paragon)
S3 vna_ap; C:\Windows\System32\DRIVERS\vnaap.sys [161256 2010-06-06] (Check Point Software Technologies)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz130; \??\T:\Cache\Windows\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2018-05-15 09:58 - 2013-04-13 15:04 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2014-06-14 10:09 - 2013-06-12 07:31 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-24 10:31 - 2011-11-03 04:01 - 00056208 ____N (Rovi Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys
2013-12-24 10:31 - 2009-12-04 10:08 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys
2013-12-24 10:31 - 2009-12-04 10:08 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys
2013-12-24 10:30 - 2013-08-26 09:49 - 00000000 ____D C:\Program Files\Adobe
2013-09-22 14:25 - 2013-09-22 14:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2013-09-22 14:23 - 2013-09-22 14:24 - 00891144 _____ C:\Users\Administrator\Desktop\SecurityCheck.exe
2013-09-22 11:14 - 2013-09-22 11:14 - 00000022 _____ C:\Windows\S.dirmngr
2013-09-21 18:09 - 2013-09-21 18:10 - 02347384 _____ (ESET) C:\Users\Administrator\Desktop\esetsmartinstaller_enu.exe
2013-09-21 13:38 - 2013-09-21 13:38 - 00000000 ____D C:\Windows\ERUNT
2013-09-21 13:34 - 2013-09-21 13:35 - 00000000 ____D C:\AdwCleaner
2013-09-21 13:32 - 2013-09-21 13:32 - 01029675 _____ (Thisisu) C:\Users\Administrator\Desktop\JRT.exe
2013-09-21 13:31 - 2013-09-21 13:31 - 01039554 _____ C:\Users\Administrator\Desktop\adwcleaner.exe
2013-09-21 13:27 - 2013-09-21 13:27 - 01956670 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2013-09-21 09:01 - 2013-09-21 09:01 - 00028031 _____ C:\ComboFix.txt
2013-09-21 08:43 - 2013-09-21 08:46 - 05128554 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2013-09-20 15:50 - 2013-09-20 15:50 - 00377856 _____ C:\Users\Administrator\Desktop\gmer_2.1.19163.exe
2013-09-20 15:41 - 2013-09-20 15:41 - 00000000 ____D C:\FRST
2013-09-20 15:37 - 2013-09-20 15:37 - 00000488 _____ C:\Windows\SysWOW64\defogger_disable.log
2013-09-20 15:37 - 2013-09-20 15:37 - 00000000 _____ C:\Users\Administrator\defogger_reenable
2013-09-20 13:20 - 2013-09-20 13:20 - 00000000 ____D C:\Users\ant\AppData\Roaming\Curiolab
2013-09-19 11:25 - 2013-09-19 11:25 - 00001713 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-19 11:25 - 2013-09-19 11:25 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-19 11:25 - 2013-09-19 11:25 - 00000000 ____D C:\Program Files\iTunes
2013-09-19 11:25 - 2013-09-19 11:25 - 00000000 ____D C:\Program Files\iPod
2013-09-19 07:50 - 2013-09-19 08:03 - 90013968 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\msert.exe
2013-09-19 07:25 - 2013-09-22 14:26 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Free Download Manager
2013-09-19 07:10 - 2013-09-19 07:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2013-09-19 07:05 - 2013-09-19 07:05 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple
2013-09-19 07:04 - 2013-09-19 07:04 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple Computer
2013-09-18 16:32 - 2013-09-18 16:32 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-09-18 15:53 - 2013-09-18 15:53 - 00000017 _____ C:\Users\Administrator\AppData\Local\resmon.resmoncfg
2013-09-18 15:48 - 2013-09-19 07:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2013-09-18 15:48 - 2013-09-18 15:48 - 00003512 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Elise-Administrator
2013-09-18 15:48 - 2013-09-18 15:48 - 00000000 ____D C:\Users\Administrator\Documents\Simply Super Software
2013-09-18 15:48 - 2013-09-18 15:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\PFU
2013-09-18 15:47 - 2013-09-22 11:24 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2013-09-18 15:47 - 2013-09-19 07:10 - 00002255 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2013-09-18 15:47 - 2013-09-18 17:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-09-18 15:47 - 2013-09-18 15:47 - 00065760 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-18 15:47 - 2013-09-18 15:47 - 00001381 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\PFU
2013-09-18 15:46 - 2013-09-20 15:37 - 00000000 ____D C:\Users\Administrator
2013-09-18 15:46 - 2013-09-18 15:46 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Vorlagen
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Startmenü
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Lokale Einstellungen
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Eigene Dateien
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Anwendungsdaten
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Anwendungsdaten
2013-09-18 15:46 - 2011-05-08 19:27 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2013-09-18 15:46 - 2009-12-25 14:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2013-09-18 15:46 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-09-18 15:46 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-09-18 14:13 - 2013-09-18 14:13 - 00003496 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Elise-Admin
2013-09-18 14:13 - 2013-09-18 14:13 - 00000000 ____D C:\Users\Admin\Documents\Simply Super Software
2013-09-18 14:13 - 2013-09-18 14:13 - 00000000 ____D C:\Users\Admin\AppData\Roaming\PFU
2013-09-18 14:13 - 2013-09-18 14:13 - 00000000 ____D C:\Users\Admin\AppData\Local\PFU
2013-09-18 14:12 - 2013-09-18 14:12 - 00002259 _____ C:\Users\Admin\Desktop\Google Chrome.lnk
2013-09-18 08:38 - 2013-09-22 11:14 - 00001568 _____ C:\Windows\setupact.log
2013-09-18 08:38 - 2013-09-21 09:07 - 00290904 _____ C:\Windows\PFRO.log
2013-09-18 08:38 - 2013-09-18 08:38 - 00000000 _____ C:\Windows\setuperr.log
2013-09-18 08:19 - 2013-09-21 09:01 - 00000000 ____D C:\Qoobox
2013-09-18 08:19 - 2013-09-18 08:40 - 00000000 ____D C:\Windows\erdnt
2013-09-18 08:19 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-18 08:19 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-18 08:19 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-18 08:19 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-18 08:19 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-18 08:19 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-18 08:19 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-18 08:19 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-18 08:17 - 2013-09-20 13:42 - 05128554 ____R (Swearware) C:\Users\ant\Desktop\ComboFix.exe
2013-09-18 07:55 - 2013-09-18 08:01 - 00232499 _____ C:\MGlogs.zip
2013-09-18 07:43 - 2013-09-18 07:47 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-18 07:39 - 2013-09-18 13:59 - 00000000 ____D C:\Users\ant\Desktop\Antivirus
2013-09-18 07:38 - 2013-09-18 07:38 - 00002884 _____ C:\Users\ant\Desktop\RKreport[0]_S_09182013_073830.txt
2013-09-18 07:36 - 2013-09-18 07:40 - 00000000 ____D C:\Users\ant\Desktop\RK_Quarantine
2013-09-17 17:49 - 2013-09-17 17:49 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-09-17 08:45 - 2013-09-18 08:01 - 00000000 ____D C:\MGTools
2013-09-17 08:11 - 2013-09-17 08:11 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-09-16 17:53 - 2013-09-16 17:53 - 00000000 ____D C:\Users\ant\AppData\Roaming\Malwarebytes
2013-09-16 17:53 - 2013-09-16 17:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-16 17:53 - 2013-09-16 17:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-16 17:53 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-13 23:42 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 23:42 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 23:42 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-13 23:42 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 23:42 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 23:42 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 23:42 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 23:42 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 23:42 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 23:42 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 23:42 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-13 23:42 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-13 23:42 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-13 23:42 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-13 23:42 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-13 23:42 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-13 23:42 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-13 23:42 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 23:42 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-13 23:42 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-13 23:42 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-13 11:59 - 2013-09-13 11:59 - 01176256 _____ C:\Users\ant\Downloads\enigmail-1.5.2-tb+sm.xpi
2013-09-13 09:05 - 2013-09-13 12:20 - 00000000 ____D C:\Users\ant\AppData\Roaming\gnupg
2013-09-13 09:05 - 2013-09-13 09:05 - 00000000 ____D C:\Users\Public\Desktop\Gpg4win Documentation
2013-09-13 09:05 - 2013-09-13 09:05 - 00000000 ____D C:\ProgramData\GNU
2013-09-13 09:05 - 2013-09-13 09:05 - 00000000 ____D C:\Program Files (x86)\GNU
2013-09-13 08:52 - 2013-09-13 08:59 - 29690648 _____ (g10 Code GmbH) C:\Users\ant\Downloads\gpg4win-2.2.0.exe
2013-09-13 08:34 - 2013-09-13 08:35 - 00000000 ____D C:\Program Files (x86)\Tor Browser
2013-09-13 07:09 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 07:09 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-13 07:09 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-13 07:09 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-13 07:09 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-13 07:09 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-13 07:09 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-13 07:09 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-13 07:09 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-13 07:09 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-13 07:09 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-13 07:09 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-13 07:09 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-13 07:09 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-13 07:09 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-13 07:09 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-13 07:09 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-13 07:09 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-13 07:09 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-13 07:09 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-13 07:09 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 07:09 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-13 07:06 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-13 07:06 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-13 07:06 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-13 07:06 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-08-26 11:56 - 2013-08-26 11:56 - 00000000 ____D C:\Users\ant\AppData\Roaming\Cornelsen Schulverlage
2013-08-26 11:56 - 2013-08-26 11:56 - 00000000 ____D C:\Users\ant\AppData\Local\Cornelsen Schulverlage

==================== One Month Modified Files and Folders =======

2013-09-22 14:26 - 2013-09-19 07:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Free Download Manager
2013-09-22 14:25 - 2013-09-22 14:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2013-09-22 14:24 - 2013-09-22 14:23 - 00891144 _____ C:\Users\Administrator\Desktop\SecurityCheck.exe
2013-09-22 14:07 - 2012-04-20 06:25 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-22 13:59 - 2009-12-23 16:51 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-22 12:59 - 2012-09-21 12:14 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-22 11:55 - 2009-12-22 20:39 - 01531009 _____ C:\Windows\WindowsUpdate.log
2013-09-22 11:29 - 2009-12-22 20:40 - 00000000 ____D C:\Users\ant
2013-09-22 11:24 - 2013-09-18 15:47 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2013-09-22 11:21 - 2009-07-14 06:45 - 00014640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-22 11:21 - 2009-07-14 06:45 - 00014640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-22 11:20 - 2009-07-14 19:58 - 00696832 _____ C:\Windows\system32\perfh007.dat
2013-09-22 11:20 - 2009-07-14 19:58 - 00148128 _____ C:\Windows\system32\perfc007.dat
2013-09-22 11:20 - 2009-07-14 07:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-22 11:14 - 2013-09-22 11:14 - 00000022 _____ C:\Windows\S.dirmngr
2013-09-22 11:14 - 2013-09-18 08:38 - 00001568 _____ C:\Windows\setupact.log
2013-09-22 11:14 - 2013-03-21 08:24 - 00000008 _____ C:\Windows\mvraidver.dat
2013-09-22 11:14 - 2012-08-04 11:03 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-22 11:14 - 2009-12-23 07:47 - 00180416 _____ C:\Windows\za_mv_raid.ev
2013-09-22 11:14 - 2009-12-23 07:47 - 00000096 _____ C:\Windows\za_mv_seqnum.ev
2013-09-22 11:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-21 18:10 - 2013-09-21 18:09 - 02347384 _____ (ESET) C:\Users\Administrator\Desktop\esetsmartinstaller_enu.exe
2013-09-21 17:32 - 2013-05-18 10:16 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-09-21 13:51 - 2009-12-23 09:47 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-09-21 13:38 - 2013-09-21 13:38 - 00000000 ____D C:\Windows\ERUNT
2013-09-21 13:35 - 2013-09-21 13:34 - 00000000 ____D C:\AdwCleaner
2013-09-21 13:32 - 2013-09-21 13:32 - 01029675 _____ (Thisisu) C:\Users\Administrator\Desktop\JRT.exe
2013-09-21 13:31 - 2013-09-21 13:31 - 01039554 _____ C:\Users\Administrator\Desktop\adwcleaner.exe
2013-09-21 13:27 - 2013-09-21 13:27 - 01956670 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2013-09-21 12:01 - 2009-12-23 16:54 - 00000000 ____D C:\Users\ant\AppData\Local\Adobe
2013-09-21 09:07 - 2013-09-18 08:38 - 00290904 _____ C:\Windows\PFRO.log
2013-09-21 09:01 - 2013-09-21 09:01 - 00028031 _____ C:\ComboFix.txt
2013-09-21 09:01 - 2013-09-18 08:19 - 00000000 ____D C:\Qoobox
2013-09-21 09:00 - 2009-12-22 20:40 - 00000000 ___RD C:\Users\ant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-21 09:00 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-21 08:46 - 2013-09-21 08:43 - 05128554 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2013-09-21 08:43 - 2010-02-28 18:02 - 00000000 ____D C:\Program Files (x86)\Catan GmbH
2013-09-20 18:42 - 2011-04-17 11:01 - 00000000 ____D C:\Users\ant\AppData\Roaming\Dropbox
2013-09-20 17:08 - 2012-04-20 06:25 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-20 17:07 - 2012-04-20 07:08 - 03723656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-09-20 17:07 - 2012-04-20 06:25 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 17:07 - 2011-05-20 07:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-20 15:50 - 2013-09-20 15:50 - 00377856 _____ C:\Users\Administrator\Desktop\gmer_2.1.19163.exe
2013-09-20 15:41 - 2013-09-20 15:41 - 00000000 ____D C:\FRST
2013-09-20 15:37 - 2013-09-20 15:37 - 00000488 _____ C:\Windows\SysWOW64\defogger_disable.log
2013-09-20 15:37 - 2013-09-20 15:37 - 00000000 _____ C:\Users\Administrator\defogger_reenable
2013-09-20 15:37 - 2013-09-18 15:46 - 00000000 ____D C:\Users\Administrator
2013-09-20 13:42 - 2013-09-18 08:17 - 05128554 ____R (Swearware) C:\Users\ant\Desktop\ComboFix.exe
2013-09-20 13:39 - 2010-06-19 10:48 - 00000000 ____D C:\Users\ant\AppData\Roaming\Free Download Manager
2013-09-20 13:20 - 2013-09-20 13:20 - 00000000 ____D C:\Users\ant\AppData\Roaming\Curiolab
2013-09-19 11:25 - 2013-09-19 11:25 - 00001713 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-19 11:25 - 2013-09-19 11:25 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-19 11:25 - 2013-09-19 11:25 - 00000000 ____D C:\Program Files\iTunes
2013-09-19 11:25 - 2013-09-19 11:25 - 00000000 ____D C:\Program Files\iPod
2013-09-19 08:07 - 2009-12-23 06:41 - 00000000 ____D C:\Users\ant\Desktop\Applications
2013-09-19 08:03 - 2013-09-19 07:50 - 90013968 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\msert.exe
2013-09-19 07:10 - 2013-09-19 07:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2013-09-19 07:10 - 2013-09-18 15:47 - 00002255 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2013-09-19 07:05 - 2013-09-19 07:05 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple
2013-09-19 07:04 - 2013-09-19 07:04 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple Computer
2013-09-19 07:04 - 2013-09-18 15:48 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2013-09-18 17:07 - 2013-09-18 15:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-09-18 16:32 - 2013-09-18 16:32 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-09-18 15:53 - 2013-09-18 15:53 - 00000017 _____ C:\Users\Administrator\AppData\Local\resmon.resmoncfg
2013-09-18 15:48 - 2013-09-18 15:48 - 00003512 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Elise-Administrator
2013-09-18 15:48 - 2013-09-18 15:48 - 00000000 ____D C:\Users\Administrator\Documents\Simply Super Software
2013-09-18 15:48 - 2013-09-18 15:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\PFU
2013-09-18 15:47 - 2013-09-18 15:47 - 00065760 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-18 15:47 - 2013-09-18 15:47 - 00001381 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\PFU
2013-09-18 15:46 - 2013-09-18 15:46 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Vorlagen
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Startmenü
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Lokale Einstellungen
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Eigene Dateien
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Anwendungsdaten
2013-09-18 15:46 - 2013-09-18 15:46 - 00000000 _SHDL C:\Users\Administrator\Anwendungsdaten
2013-09-18 14:23 - 2011-06-20 09:21 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2013-09-18 14:13 - 2013-09-18 14:13 - 00003496 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Elise-Admin
2013-09-18 14:13 - 2013-09-18 14:13 - 00000000 ____D C:\Users\Admin\Documents\Simply Super Software
2013-09-18 14:13 - 2013-09-18 14:13 - 00000000 ____D C:\Users\Admin\AppData\Roaming\PFU
2013-09-18 14:13 - 2013-09-18 14:13 - 00000000 ____D C:\Users\Admin\AppData\Local\PFU
2013-09-18 14:13 - 2011-06-20 09:21 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2013-09-18 14:13 - 2011-06-20 09:19 - 00065760 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-18 14:13 - 2011-06-20 09:19 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-18 14:13 - 2011-06-20 09:19 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-18 14:13 - 2011-06-20 09:19 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Apple Computer
2013-09-18 14:12 - 2013-09-18 14:12 - 00002259 _____ C:\Users\Admin\Desktop\Google Chrome.lnk
2013-09-18 14:12 - 2011-06-20 09:19 - 00001385 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-18 14:00 - 2009-12-23 07:13 - 00000000 ____D C:\Users\ant\AppData\Local\Apps\2.0
2013-09-18 13:59 - 2013-09-18 07:39 - 00000000 ____D C:\Users\ant\Desktop\Antivirus
2013-09-18 08:46 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-18 08:40 - 2013-09-18 08:19 - 00000000 ____D C:\Windows\erdnt
2013-09-18 08:38 - 2013-09-18 08:38 - 00000000 _____ C:\Windows\setuperr.log
2013-09-18 08:01 - 2013-09-18 07:55 - 00232499 _____ C:\MGlogs.zip
2013-09-18 08:01 - 2013-09-17 08:45 - 00000000 ____D C:\MGTools
2013-09-18 07:47 - 2013-09-18 07:43 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-18 07:40 - 2013-09-18 07:36 - 00000000 ____D C:\Users\ant\Desktop\RK_Quarantine
2013-09-18 07:38 - 2013-09-18 07:38 - 00002884 _____ C:\Users\ant\Desktop\RKreport[0]_S_09182013_073830.txt
2013-09-18 07:28 - 2010-02-06 13:42 - 00000000 ____D C:\Users\ant\AppData\Roaming\FileZilla
2013-09-18 07:28 - 2009-12-23 06:43 - 00000000 ____D C:\Users\ant\AppData\Roaming\Skype
2013-09-18 07:27 - 2011-01-06 16:14 - 00000000 ___DC C:\Users\ant\AppData\Local\MigWiz
2013-09-18 07:27 - 2009-12-25 12:52 - 00000000 ____D C:\Windows\Minidump
2013-09-18 07:27 - 2009-12-22 20:33 - 00000000 ____D C:\Windows\Panther
2013-09-17 17:49 - 2013-09-17 17:49 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-09-17 08:11 - 2013-09-17 08:11 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-09-16 17:53 - 2013-09-16 17:53 - 00000000 ____D C:\Users\ant\AppData\Roaming\Malwarebytes
2013-09-16 17:53 - 2013-09-16 17:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-16 17:53 - 2013-09-16 17:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-16 17:46 - 2009-12-26 11:14 - 00007626 _____ C:\Users\ant\AppData\Local\resmon.resmoncfg
2013-09-14 14:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-14 11:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-14 09:44 - 2010-01-10 10:51 - 00000000 ____D C:\Program Files (x86)\DirSync
2013-09-14 08:36 - 2009-12-22 20:40 - 00000000 ___RD C:\Users\ant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-14 08:36 - 2009-07-14 06:45 - 04925808 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 23:42 - 2013-08-15 22:34 - 00000000 ____D C:\Windows\system32\MRT
2013-09-13 23:41 - 2009-12-25 13:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 23:41 - 2009-12-22 21:22 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-13 12:20 - 2013-09-13 09:05 - 00000000 ____D C:\Users\ant\AppData\Roaming\gnupg
2013-09-13 11:59 - 2013-09-13 11:59 - 01176256 _____ C:\Users\ant\Downloads\enigmail-1.5.2-tb+sm.xpi
2013-09-13 09:05 - 2013-09-13 09:05 - 00000000 ____D C:\Users\Public\Desktop\Gpg4win Documentation
2013-09-13 09:05 - 2013-09-13 09:05 - 00000000 ____D C:\ProgramData\GNU
2013-09-13 09:05 - 2013-09-13 09:05 - 00000000 ____D C:\Program Files (x86)\GNU
2013-09-13 08:59 - 2013-09-13 08:52 - 29690648 _____ (g10 Code GmbH) C:\Users\ant\Downloads\gpg4win-2.2.0.exe
2013-09-13 08:35 - 2013-09-13 08:34 - 00000000 ____D C:\Program Files (x86)\Tor Browser
2013-09-01 10:29 - 2013-03-01 13:42 - 00000021 _____ C:\Windows\SurCode.INI
2013-09-01 09:11 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-31 15:12 - 2010-10-09 14:49 - 00000000 ____D C:\Program Files (x86)\ELOoffice
2013-08-30 09:25 - 2013-08-07 17:55 - 00001301 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2013-08-26 18:19 - 2011-01-28 08:37 - 00001912 _____ C:\Windows\epplauncher.mif
2013-08-26 18:18 - 2011-01-28 08:37 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-26 18:18 - 2011-01-28 08:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-08-26 11:56 - 2013-08-26 11:56 - 00000000 ____D C:\Users\ant\AppData\Roaming\Cornelsen Schulverlage
2013-08-26 11:56 - 2013-08-26 11:56 - 00000000 ____D C:\Users\ant\AppData\Local\Cornelsen Schulverlage
2013-08-26 09:49 - 2013-12-24 10:30 - 00000000 ____D C:\Program Files\Adobe

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-21 12:06

==================== End Of Log ============================

--- --- ---

--- --- ---

Hi, ich habe jetzt auch noch mal auf allen accounts Malwarebytes Flash-Scan durchlaufen lassen (der hatte ja zuvor die Probleme noch gezeigt) und in allen accounts ist jetzt nichts mehr zu finden.

Es sieht bis hierhin schon mal sehr gut aus !!!!

Dankeschön !

schrauber · 22.09.2013, 18:57

Java und Adobe updaten.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Hartnäckige Tasks (Trojan.FraudPack & Trojan.Downloader lt. Malwarebytes Anti-Malware)

Log-Analyse und Auswertung: Hartnäckige Tasks (Trojan.FraudPack & Trojan.Downloader lt. Malwarebytes Anti-Malware)