Log analysis and evaluation: Browsers load extremely slowly
Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
10.01.2014, 16:01 | #1 |
Browsers load extremely slowly
Hello, for a few days now my browsers have been loading web pages extremely slowly. I ran defogger, as well as frst and gmer. Here are the logs:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-01-2014
Ran by *** (administrator) on ***-PC on 10-01-2014 10:50:52
Running from C:\Users\***\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(SANDBOXIE L.T.D) C:\Users\***\Desktop\Tools\SbieSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) D:\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(SANDBOXIE L.T.D) C:\Users\***\Desktop\Tools\SbieCtrl.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Spotify Ltd) C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SANDBOXIE L.T.D) C:\Users\***\Desktop\Tools\SandboxieRpcSs.exe
(SANDBOXIE L.T.D) C:\Users\***\Desktop\Tools\SandboxieDcomLaunch.exe
(Opera Software) C:\Users\***\AppData\Local\temp\D\18.0.1284.63\opera.exe
() C:\Users\***\AppData\Local\temp\D\18.0.1284.63\opera_crashreporter.exe
(Opera Software) C:\Users\***\AppData\Local\temp\D\18.0.1284.63\opera.exe
() C:\Users\***\AppData\Local\temp\D\18.0.1284.63\opera_autoupdate.exe
(Opera Software) C:\Users\***\AppData\Local\temp\D\18.0.1284.63\opera.exe
(appsmaker) C:\Program Files\Common Files\OptimalSuite Common\AMDSrv.exe
(SANDBOXIE L.T.D) C:\Users\***\Desktop\Tools\SandboxieCrypto.exe
(Opera Software) C:\Users\***\AppData\Local\temp\D\18.0.1284.63\opera.exe
(Opera Software) C:\Users\***\AppData\Local\temp\D\18.0.1284.63\opera.exe
(SANDBOXIE L.T.D) C:\Users\***\Desktop\Tools\SbieSvc.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [WPCUMI] - C:\Windows\System32\wpcumi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [iTunesHelper] - D:\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [SandboxieControl] - C:\Users\***\Desktop\Tools\SbieCtrl.exe [409320 2011-03-24] (SANDBOXIE L.T.D)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-14] (Spotify Ltd)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Policies\system: [LogonHoursAction] 2
HKU\Default\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Policies\system: [LogonHoursAction] 2
HKU\Default User\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Gast\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=119357&babsrc=HP_ss_din2g&mntrId=F62900215D3698EE
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=119357&babsrc=HP_ss_din2g&mntrId=F62900215D3698EE
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
SearchScopes: HKCU - DefaultScope {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119357&babsrc=SP_ss&mntrId=F62900215D3698EE
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
BHO: Plus-HD-2.3 - {11111111-1111-1111-1111-110311341126} - C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-bho.dll (Plus HD)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - D:\iFinger\plugins\IE.ifp (iFinger Ltd)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 09 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 10 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 11 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 12 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 13 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 14 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 15 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 16 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 17 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 28 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 29 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default
FF user.js: detected! => C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\user.js
FF NewTab: user_pref("browser.newtab.url", "");
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - D:\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - D:\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - D:\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - D:\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_43 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @palmsource.com/installer,version=1.0 - D:\PACKAG~1\NPInstal.dll ()
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\searchplugins\searchplugins-backup
FF Extension: Plus-HD-2.3 - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\Extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\Extensions\nostmp
FF Extension: Microsoft .NET Framework Assistant - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF HKCU\...\Firefox\Extensions: [{C3B2959E-301D-47E5-A440-2C797569D4F6}] - C:\Users\***\AppData\Local\{C3B2959E-301D-47E5-A440-2C797569D4F6}

========================== Services (Whitelisted) =================

S2 0151251305193992mcinstcleanup; C:\Program Files\Common Files\McAfee\Installer\cleanup.ini [1341 2011-05-12] ()
R2 AMOptimalDiskService; C:\Program Files\Common Files\OptimalSuite Common\AMDSrv.exe [5216624 2010-12-17] (appsmaker)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528624 2009-08-23] (Cisco Systems, Inc.)
S4 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [247096 2010-09-06] ()
S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [77480 2008-05-13] ()
R2 SbieSvc; C:\Users\***\Desktop\Tools\SbieSvc.exe [72936 2011-03-24] (SANDBOXIE L.T.D)
S4 Secunia PSI Agent; C:\Users\***\Desktop\Tools\PSI\PSIA.exe [993848 2011-04-19] (Secunia)
S4 Secunia Update Agent; C:\Users\***\Desktop\Tools\PSI\sua.exe [399416 2011-04-19] (Secunia)
S3 SpeedBoosterSvc; C:\Program Files\Common Files\OptimalSuite Common\BoostService.exe [2318192 2010-12-17] (appsmaker)
S4 StkSSrv; C:\Windows\System32\StkCSrv.exe [31248 2008-01-16] (Syntek America Inc.)
S2 F-Secure Gatekeeper Handler Starter; "C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe" [x]
S2 FSMA; "C:\Program Files\F-Secure\Common\FSMA32.EXE" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-28] (Avira Operations GmbH & Co. KG)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2009-08-23] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [57112 2011-03-28] (Paragon Software Group)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-06-25] (SAMSUNG ELECTRONICS CO., LTD.)
S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R3 SbieDrv; C:\Users\***\Desktop\Tools\SbieDrv.sys [126696 2011-03-24] (SANDBOXIE L.T.D)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2008-12-31] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1363088 2008-03-28] (Syntek)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [40824 2011-03-28] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [381032 2011-03-28] (Paragon)
S2 adfs; No ImagePath
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\***\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U2 TMAgent;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-10 10:50 - 2014-01-10 10:51 - 00017006 _____ C:\Users\***\Downloads\FRST.txt
2014-01-10 10:50 - 2014-01-10 10:50 - 00000000 ____D C:\FRST
2014-01-10 10:48 - 2014-01-10 10:48 - 01066141 _____ (Farbar) C:\Users\***\Downloads\FRST.exe
2014-01-10 10:38 - 2014-01-10 10:39 - 00000628 _____ C:\Windows\system32\defogger_disable.log
2014-01-10 10:38 - 2014-01-10 10:39 - 00000020 _____ C:\Users\***\defogger_reenable
2014-01-10 10:37 - 2014-01-10 10:37 - 00050477 _____ C:\Users\***\Downloads\Defogger.exe
2013-12-22 17:42 - 2013-12-22 17:42 - 00000680 _____ C:\Users\***\AppData\Local\d3d9caps.dat
2013-12-20 10:41 - 2013-12-20 10:41 - 00860731 _____ C:\Users\***\Documents\Präsentation Störung des Sozialverhaltens.pptx
2013-12-14 13:10 - 2013-12-14 13:10 - 00000000 ____H C:\Users\***\Documents\Default.rdp
2013-12-13 16:18 - 2013-12-13 16:18 - 00000000 ____D C:\Users\***\restore
2013-12-13 16:05 - 2013-12-16 23:08 - 00000000 ____D C:\ProgramData\tmp
2013-12-13 16:05 - 2013-12-15 20:59 - 00000000 ____D C:\ProgramData\hps
2013-12-13 16:05 - 2013-12-13 16:05 - 00001102 _____ C:\Users\Public\Desktop\OnlineFotoservice.lnk
2013-12-13 16:05 - 2013-12-13 16:05 - 00001087 _____ C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
2013-12-13 15:59 - 2013-12-13 15:59 - 00000000 ____D C:\Program Files\OnlineFotoservice
2013-12-13 15:56 - 2013-12-13 15:56 - 01627552 _____ C:\Users\***\Downloads\setup_OnlineFotoservice.exe
2013-12-13 11:22 - 2013-11-15 00:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-13 11:22 - 2013-11-14 23:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-13 11:22 - 2013-11-14 23:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-13 11:22 - 2013-11-14 23:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-13 11:22 - 2013-11-14 23:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-13 11:22 - 2013-11-14 23:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-13 11:22 - 2013-11-14 23:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-13 11:22 - 2013-11-14 23:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-13 11:22 - 2013-11-14 23:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-13 11:22 - 2013-11-14 23:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-13 11:22 - 2013-11-14 23:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-13 11:22 - 2013-11-14 23:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-13 11:22 - 2013-11-14 23:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-13 11:22 - 2013-11-14 23:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-13 11:22 - 2013-11-14 23:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-13 11:22 - 2013-11-14 23:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 21:03 - 2013-12-12 21:03 - 00915368 _____ (Oracle Corporation) C:\Users\***\Downloads\jxpiinstall.exe
2013-12-12 20:47 - 2013-10-30 03:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2013-12-12 20:47 - 2013-10-30 02:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 20:47 - 2013-10-30 01:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-12 20:47 - 2013-10-30 01:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 20:47 - 2013-10-22 08:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 20:47 - 2013-10-11 03:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 20:47 - 2013-10-11 03:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 20:47 - 2013-10-11 03:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2013-12-12 20:47 - 2013-10-11 01:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 20:47 - 2013-10-11 01:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe

==================== One Month Modified Files and Folders =======

2014-01-10 10:51 - 2014-01-10 10:50 - 00017006 _____ C:\Users\***\Downloads\FRST.txt
2014-01-10 10:50 - 2014-01-10 10:50 - 00000000 ____D C:\FRST
2014-01-10 10:48 - 2014-01-10 10:48 - 01066141 _____ (Farbar) C:\Users\***\Downloads\FRST.exe
2014-01-10 10:47 - 2013-07-12 15:47 - 00001178 _____ C:\Windows\Tasks\Plus-HD-2.3-updater.job
2014-01-10 10:47 - 2013-07-12 15:47 - 00001082 _____ C:\Windows\Tasks\Plus-HD-2.3-enabler.job
2014-01-10 10:47 - 2013-07-12 15:46 - 00001182 _____ C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job
2014-01-10 10:47 - 2008-10-06 15:23 - 01239195 _____ C:\Windows\WindowsUpdate.log
2014-01-10 10:47 - 2006-11-02 13:47 - 00004784 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-10 10:47 - 2006-11-02 13:47 - 00004784 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-10 10:46 - 2013-07-12 15:46 - 00001878 _____ C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job
2014-01-10 10:46 - 2013-07-12 15:46 - 00001802 _____ C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job
2014-01-10 10:46 - 2013-06-07 09:57 - 00000278 _____ C:\Windows\Tasks\DSite.job
2014-01-10 10:42 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-10 10:39 - 2014-01-10 10:38 - 00000628 _____ C:\Windows\system32\defogger_disable.log
2014-01-10 10:39 - 2014-01-10 10:38 - 00000020 _____ C:\Users\***\defogger_reenable
2014-01-10 10:39 - 2008-06-25 22:08 - 00000012 _____ C:\Windows\bthservsdp.dat
2014-01-10 10:39 - 2006-11-02 14:01 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-10 10:38 - 2008-12-24 17:10 - 00000000 ____D C:\Users\***
2014-01-10 10:37 - 2014-01-10 10:37 - 00050477 _____ C:\Users\***\Downloads\Defogger.exe
2014-01-10 10:36 - 2009-06-07 19:30 - 00000000 ____D C:\Users\***\AppData\Roaming\Skype
2014-01-10 09:58 - 2012-04-04 05:48 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-05 22:50 - 2011-05-13 16:48 - 00004078 _____ C:\Windows\Sandboxie.ini
2014-01-05 22:50 - 2009-01-26 16:57 - 00000376 _____ C:\Windows\Tasks\DriverCure.job
2014-01-05 22:48 - 2010-06-22 00:47 - 00000440 _____ C:\Windows\Tasks\ParetoLogic Registration3.job
2014-01-05 22:48 - 2009-01-26 17:00 - 00000438 _____ C:\Windows\Tasks\ParetoLogic Registration.job
2014-01-03 11:26 - 2013-10-18 16:50 - 00000000 ____D C:\Users\***\AppData\Roaming\Spotify
2014-01-02 21:02 - 2009-01-26 16:56 - 00000000 ____D C:\ProgramData\DriverCure
2013-12-31 11:33 - 2009-01-26 16:57 - 00000412 _____ C:\Windows\Tasks\ParetoLogic Update Version2.job
2013-12-23 12:34 - 2008-06-25 06:36 - 00345282 _____ C:\ProgramData\nvModes.001
2013-12-22 17:42 - 2013-12-22 17:42 - 00000680 _____ C:\Users\***\AppData\Local\d3d9caps.dat
2013-12-22 12:46 - 2013-07-28 18:46 - 00000104 _____ C:\Users\***\AppData\Roaming\WB.CFG
2013-12-22 11:55 - 2013-10-18 16:51 - 00000000 ____D C:\Users\***\AppData\Local\Spotify
2013-12-20 12:38 - 2006-11-02 11:33 - 01485618 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-20 12:35 - 2013-08-02 15:08 - 00002470 _____ C:\Windows\setupact.log
2013-12-20 10:41 - 2013-12-20 10:41 - 00860731 _____ C:\Users\***\Documents\Präsentation Störung des Sozialverhaltens.pptx
2013-12-18 19:21 - 2013-08-24 13:42 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-18 19:21 - 2013-08-24 13:42 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-16 23:08 - 2013-12-13 16:05 - 00000000 ____D C:\ProgramData\tmp
2013-12-15 20:59 - 2013-12-13 16:05 - 00000000 ____D C:\ProgramData\hps
2013-12-14 21:37 - 2008-12-24 23:45 - 00114176 _____ C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-14 21:32 - 2009-01-05 22:07 - 00000000 ____D C:\Users\Public\Desktop\Bilder
2013-12-14 13:10 - 2013-12-14 13:10 - 00000000 ____H C:\Users\***\Documents\Default.rdp
2013-12-13 16:18 - 2013-12-13 16:18 - 00000000 ____D C:\Users\***\restore
2013-12-13 16:05 - 2013-12-13 16:05 - 00001102 _____ C:\Users\Public\Desktop\OnlineFotoservice.lnk
2013-12-13 16:05 - 2013-12-13 16:05 - 00001087 _____ C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
2013-12-13 15:59 - 2013-12-13 15:59 - 00000000 ____D C:\Program Files\OnlineFotoservice
2013-12-13 15:56 - 2013-12-13 15:56 - 01627552 _____ C:\Users\***\Downloads\setup_OnlineFotoservice.exe
2013-12-13 13:29 - 2013-08-15 22:20 - 00000000 ____D C:\Windows\system32\MRT
2013-12-13 13:13 - 2006-11-02 13:47 - 02313400 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-13 11:28 - 2008-06-25 06:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-13 11:23 - 2006-11-02 11:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-12-12 21:03 - 2013-12-12 21:03 - 00915368 _____ (Oracle Corporation) C:\Users\***\Downloads\jxpiinstall.exe

Files to move or delete:
====================
C:\Users\***\FreeYouTubeToMP3Converter.exe

Some content of TEMP:
====================
C:\Users\***\AppData\Local\temp\avgnt.exe
C:\Users\***\AppData\Local\temp\SkypeSetup.exe
C:\Users\***\AppData\Local\temp\uninst1.exe
C:\Users\***\AppData\Local\temp\Update_Permissions_FantaUp.exe
C:\Users\***\AppData\Local\temp\wajam_install.exe
C:\Users\***\AppData\Local\temp\WZCPlugin_VISTA.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-10 10:48

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-01-2014
Ran by *** at 2014-01-10 10:51:45
Running from C:\Users\***\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (Version: - Microsoft)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
AAC Decoder (Version: 7.1.0 - DivX, Inc.)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (Version: 1.2.443 - Adobe Systems Incorporated)
Activation Assistant for the 2007 Microsoft Office suites (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.7.0.1860 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Media Player (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (Version: 1.1 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) - Deutsch (Version: 10.1.6 - Adobe Systems Incorporated)
Agere Systems HDA Modem (Version: - Agere Systems)
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
appsmaker AppBooster 2.0 (Version: - appsmaker)
Atheros WLAN Client (Version: 1.00.000 - )
Audiograbber 1.83 SE (Version: 1.83 SE - Audiograbber Deutschland)
AutoUpdate (Version: 1.1 - )
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
CDBurnerXP (Version: 4.3.8.2631 - CDBurnerXP)
Cisco Systems VPN Client 5.0.06.0110 (Version: 5.0.6 - Cisco Systems, Inc.)
CloneSpy 2.63 (Version: - CloneSpy)
DivX Codec (Version: 6.9.1 - DivX, Inc.)
DivX Converter (Version: 7.1.0 - DivX, Inc.)
DivX Player (Version: 7.2.0 - DivX, Inc.)
DivX Plus DirectShow Filters (Version: - DivX, Inc.)
DivX Plus Web Player (Version: 2.0.0 - DivX,Inc.)
DivX Version Checker (Version: 7.1.0.9 - DivX, Inc.)
DocProc (Version: 10.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Easy Network Manager 3.0 (Version: 3.0.0.0 - Ihr Firmenname)
Easy Network Manager 3.0 (Version: 3.0.0.0 - Ihr Firmenname) Hidden
EasyBits GO (Version: - EasyBits Media)
EPSON Scan (Version: - )
EPSON-Drucker-Software (Version: - SEIKO EPSON Corporation)
FileHippo.com Update Checker (Version: - )
Free YouTube to MP3 Converter version 3.11.37.1212 (Version: 3.11.37.1212 - DVDVideoSoft Ltd.)
F-Secure PSC Prerequisites (Version: 1.0.5 - F-Secure Corporation) Hidden
Gehirnjogging 5 (Version: 1.1 - SBT)
H.264 Decoder (Version: 1.1.0 - DivX, Inc.)
HP Update (Version: 5.005.000.001 - Hewlett-Packard)
IBM SPSS Statistics 21 (Version: 21.0.0.0 - IBM Corp)
iCloud (Version: 2.1.2.8 - Apple Inc.)
ICQ7.5 (Version: 7.5 - ICQ)
iFinger (Version: 1.2 - iFinger Ltd.)
iFinger 2.1 (Version: 2.1.2.1 - iFinger Ltd.)
imagine digital freedom - Samsung (Version: 1.0.2.0 - Samsung Electronics Co., LTD)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) PROSet/Wireless WiFi-Software (Version: 12.00.2000 - Intel(R) Corporation)
Intel® Matrix Storage Manager (Version: - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office XP Professional mit FrontPage (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft SOAP Toolkit 2.0 SP2 (Version: 623.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Mixxx 1.10.0 (Version: 1.10.0 - The Mixxx Team)
Mixxx 1.8.2 (Version: 1.8.2 - The Mixxx Team)
MKV Splitter (Version: 1.0.1 - DivX, Inc.)
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (Version: 24.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (Version: - )
OCR Software by I.R.I.S. 10.0 (Version: 10.0 - HP)
OnlineFotoservice (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
Opera Stable 18.0.1284.63 (Version: 18.0.1284.63 - Opera Software ASA)
Paragon Backup & Recovery™ 2011 Free (Version: 90.00.0003 - Paragon Software)
ParetoLogic DriverCure (Version: 1.6.1.0 - ParetoLogic, Inc.)
PASW Statistics 18 (Version: 18.0.0 - SPSS Inc.)
Picasa 3 (Version: 3.9 - Google, Inc.)
Plus-HD-2.3 (Version: 1.27.153.8 - Plus HD) <==== ATTENTION
PokerStars (Version: - PokerStars)
printeria (Version: 4.0 - infowerk)
Pro Evolution Soccer 2009 (Version: 1.20.0000 - KONAMI)
QuickTime (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (Version: 6.0.1.5605 - Realtek Semiconductor Corp.)
Samsung Magic Doctor (Version: 5.00 - Samsung Electronics Co., LTD) Samsung Recovery Solution III (Version: 3.0.0.5 - Samsung) Samsung Update Plus (Version: 1.3.0.11 - Samsung Electronics Co., LTD) Samsung Update Plus (Version: 1.3.0.11 - Samsung Electronics Co., LTD) Hidden Sandboxie 3.54 (32-bit) (Version: - ) Secunia PSI (2.0.0.3003) (Version: - ) SecureW2 EAP Suite 1.1.3 for Windows (Version: - ) Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.) Spotify (Version: 0.9.6.81.gd359a796 - Spotify AB) Synaptics Pointing Device Driver (Version: 10.1.2.0 - Synaptics) Uninstall 1.0.0.1 (Version: - ) Update for 2007 Microsoft Office System (KB967642) (Version: - Microsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version: - Microsoft) Update for Zip Opener (Version: - ) Update für Microsoft Office Excel 2007 Help (KB963678) (Version: - Microsoft) Update für Microsoft Office Outlook 
2007 Help (KB963677) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (Version: - Microsoft) USB2.0 UVC 1.3M WebCam (Version: - ) USB2.0 UVC WebCam (Version: 6.11.706.012 - D-MAX) User Guide (Version: 1.0 - ) VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden VLC media player 1.1.9 (Version: 1.1.9 - VideoLAN) VoipDiscount (Version: 4.03 build 533 - Finarea S.A. Switzerland) WIDCOMM Bluetooth Software 6.0.1.6300 (Version: 6.0.1.6300 - WIDCOMM, Inc.) WinRAR 4.01 beta 1 (32-bit) (Version: 4.01.1 - win.rar GmbH) ==================== Restore Points ========================= 03-01-2014 10:07:48 Geplanter Prüfpunkt 04-01-2014 14:23:45 Geplanter Prüfpunkt 10-01-2014 09:17:44 Removed Microsoft Silverlight ==================== Hosts content: ========================== 2006-11-02 11:23 - 2011-05-12 11:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {04759B06-882E-45ED-A7E9-0A8C8BEC20BB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {0AA60ADE-1999-4F56-A1B9-EF09CA2714C6} - System32\Tasks\SamsungMagicDoctor => C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe [2007-07-04] (Samsung Electronics Co., Ltd.) Task: {14D83CBE-F5C5-4254-970F-9202D20ABC4D} - System32\Tasks\{B0B31178-75D3-45CC-BA46-2A92AC03E8F8} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.) 
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {2EEA365E-8652-470B-AFAB-815AC72D6B36} - System32\Tasks\Plus-HD-2.3-firefoxinstaller => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe [2013-07-12] (Plus HD) <==== ATTENTION Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {3AD12BF7-CB64-4BF8-B9FC-D08269B62EC1} - System32\Tasks\ParetoLogic Update Version2 => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-21] () Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {3BF21754-5301-404B-A0D3-64A41E86CB43} - System32\Tasks\Plus-HD-2.3-updater => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-updater.exe [2013-07-12] (Plus HD) <==== ATTENTION Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {458C16FF-D85C-4348-8169-0E76173E8069} - System32\Tasks\QtraxPlayer => C:\Program Files\Microsoft Silverlight\sllauncher.exe Task: {4A16F225-45A2-42C9-A9E5-56CE27B4ACB7} - System32\Tasks\DSite => C:\Users\***\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe [2013-07-12] () <==== ATTENTION Task: {5AAB73A8-B2EA-4285-80F3-814F1AE6E429} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns Task: {5D884745-E4D1-49EB-9B1F-E794654B6082} - System32\Tasks\DriverCure => C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe [2010-06-28] (ParetoLogic) Task: {6B43C8A5-E3B2-4491-BF56-3568EED0CE96} - System32\Tasks\Plus-HD-2.3-codedownloader => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe [2013-07-12] (Plus HD) <==== ATTENTION Task: {707F82DD-80E9-4F03-85E0-73F807D6FC32} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe 
[2013-05-15] (Adobe Systems Incorporated) Task: {7FB68F23-5908-4585-8329-451B44A313FC} - System32\Tasks\Plus-HD-2.3-enabler => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-enabler.exe [2013-07-12] (Plus HD) <==== ATTENTION Task: {850E7690-B02C-4D6A-8167-332B1FA6604B} - System32\Tasks\DealPly => C:\Users\***\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {90F644F2-3066-455B-B634-566203BB0770} - System32\Tasks\EPUpdater => C:\Users\***\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-05-09] () <==== ATTENTION Task: {91707E58-70DA-4113-A761-CA808850A8ED} - System32\Tasks\Plus-HD-2.3-chromeinstaller => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe [2013-07-12] (Plus HD) <==== ATTENTION Task: {B8396BF5-A41E-43E6-B5B1-DC43E888DD14} - System32\Tasks\ParetoLogic Registration => Rundll32.exe "C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-21] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DriverCure.job => C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe Task: C:\Windows\Tasks\DSite.job => C:\Users\***\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\ParetoLogic Registration.job => C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll Task: C:\Windows\Tasks\ParetoLogic Registration3.job => C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll Task: C:\Windows\Tasks\ParetoLogic Update Version2.job => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe Task: C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe <==== 
ATTENTION Task: C:\Windows\Tasks\Plus-HD-2.3-enabler.job => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-enabler.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-2.3-updater.job => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-updater.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2008-06-25 06:30 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll 2010-03-24 15:47 - 2010-03-24 15:47 - 00059904 _____ () D:\zlib1.dll 2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-12-12 20:59 - 2013-12-06 13:40 - 00879968 _____ () C:\Users\***\AppData\Local\temp\D\18.0.1284.63\ffmpegsumo.dll 2013-12-12 20:59 - 2013-12-06 13:40 - 00886112 _____ () C:\Users\***\AppData\Local\temp\D\18.0.1284.63\libglesv2.dll 2013-12-12 20:59 - 2013-12-06 13:40 - 00108896 _____ () C:\Users\***\AppData\Local\temp\D\18.0.1284.63\libegl.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8 AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Cisco Systems VPN Adapter Description: Cisco Systems VPN Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: CVirtA Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (01/10/2014 10:42:41 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/10/2014 08:52:49 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/09/2014 09:09:39 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/09/2014 09:35:56 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/07/2014 08:50:31 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/06/2014 09:11:55 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/04/2014 01:44:29 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/03/2014 10:02:37 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/30/2013 10:23:37 PM) (Source: WinMgmt) 
(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/30/2013 01:32:27 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (01/10/2014 10:45:32 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (01/10/2014 10:43:34 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (01/10/2014 10:42:42 AM) (Source: Service Control Manager) (User: ) Description: adfs%%2 Error: (01/10/2014 10:42:42 AM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (01/10/2014 08:55:42 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (01/10/2014 08:53:42 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (01/10/2014 08:52:50 AM) (Source: Service Control Manager) (User: ) Description: adfs%%2 Error: (01/10/2014 08:52:50 AM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (01/09/2014 09:10:35 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (01/09/2014 09:09:39 PM) (Source: Service Control Manager) (User: ) Description: adfs%%2 Microsoft Office Sessions: ========================= Error: (10/19/2012 10:52:59 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office 
Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error: (06/07/2012 11:57:44 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1123 seconds with 120 seconds of active time. This session ended with a crash. Error: (07/25/2011 09:39:51 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2131 seconds with 1140 seconds of active time. This session ended with a crash. Error: (05/11/2011 03:05:32 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 561 seconds with 0 seconds of active time. This session ended with a crash. Error: (05/11/2011 02:48:50 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 690 seconds with 60 seconds of active time. This session ended with a crash. Error: (05/11/2011 01:54:15 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22122 seconds with 1140 seconds of active time. This session ended with a crash. Error: (04/12/2011 08:05:09 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. 
This session lasted 62 seconds with 60 seconds of active time. This session ended with a crash. Error: (04/12/2011 08:03:14 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 22 seconds with 0 seconds of active time. This session ended with a crash. Error: (04/12/2011 08:01:56 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 903 seconds with 240 seconds of active time. This session ended with a crash. Error: (03/24/2011 06:06:39 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Percentage of memory in use: 49% Total physical RAM: 3065.88 MB Available physical RAM: 1544.59 MB Total Pagefile: 6338.87 MB Available Pagefile: 4460.14 MB Total Virtual: 2047.88 MB Available Virtual: 1894.14 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:144.09 GB) (Free:9.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:144 GB) (Free:101.26 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: 3A21C8C8) Partition 1: (Not Active) - (Size=10 GB) - (Type=27) Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS) ==================== End Of Log ======================== |
10.01.2014, 16:03 | #2 |
| Browsers load extremely slowly and the gmer log:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2014-01-10 15:37:31
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0000 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\xxx\AppData\Local\Temp\uwldypow.sys

---- System - GMER 2.1 ----

SSDT 9285316E ZwCreateSection
SSDT 92853178 ZwRequestWaitReplyPort
SSDT 92853173 ZwSetContextThread
SSDT 9285317D ZwSetSecurityObject
SSDT 92853182 ZwSystemDebugControl
SSDT 9285310F ZwTerminateProcess
Code A6924BFC ZwTraceEvent
Code A6924BFB NtTraceEvent

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!NtTraceEvent 84885F94 5 Bytes JMP A6924C00
.text ntoskrnl.exe!KeInsertQueue + 405 848B790C 4 Bytes [6E, 31, 85, 92]
.text ntoskrnl.exe!KeInsertQueue + 729 848B7C30 4 Bytes [78, 31, 85, 92]
.text ntoskrnl.exe!KeInsertQueue + 75D 848B7C64 4 Bytes [73, 31, 85, 92]
.text ntoskrnl.exe!KeInsertQueue + 7C1 848B7CC8 4 Bytes [7D, 31, 85, 92]
.text ntoskrnl.exe!KeInsertQueue + 809 848B7D10 4 Bytes [82, 31, 85, 92] {XOR BYTE [ECX], 0x85; XCHG EDX, EAX}
.text ...
PAGE ntoskrnl.exe!NtRequestPort + 2 84A0CBD5 5 Bytes JMP A6924CA0 PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 2 84A64FFA 5 Bytes JMP A6924DE0 .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x90C06340, 0x3E9407, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!RtlAdjustPrivilege 77EEAB02 5 Bytes JMP 00402010 C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!LdrLoadDll 77EF9378 5 Bytes JMP 7D244EB0 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!RtlSetCurrentDirectory_U 77EFDD00 5 Bytes JMP 7D236FCF C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!RtlCreateProcessParametersEx 77EFDFE3 5 Bytes JMP 7D2468FC C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!RtlGetCurrentDirectory_U 77F04BF5 5 Bytes JMP 7D236D9B C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!LdrUnloadDll 77F0B680 5 Bytes JMP 7D244F92 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtAdjustPrivilegesToken 77F33F64 5 Bytes JMP 7D24E694 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtAlpcConnectPort 77F33FF4 5 Bytes JMP 7D23F05C C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtAlpcCreatePort 77F34004 5 Bytes JMP 7D23EF32 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtAlpcImpersonateClientOfPort 77F340A4 5 Bytes JMP 7D23E323 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] 
ntdll.dll!NtAlpcQueryInformation 77F340D4 5 Bytes JMP 7D23E198 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtAlpcQueryInformationMessage 77F340E4 5 Bytes JMP 7D23E1C2 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtClose 77F341A4 5 Bytes JMP 7D236B60 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtConnectPort 77F34204 5 Bytes JMP 7D23EC14 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtCreateEvent 77F34244 5 Bytes JMP 7D23F23F C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtCreateFile 77F34264 5 Bytes JMP 7D2372AF C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtCreateKey 77F342A4 5 Bytes JMP 7D242BFE C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtCreateMailslotFile 77F342C4 5 Bytes JMP 7D234F7C C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtCreateMutant 77F342D4 5 Bytes JMP 7D23F507 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtCreateNamedPipeFile 77F342E4 5 Bytes JMP 7D2350AB C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtCreatePort 77F34314 5 Bytes JMP 7D23EADB C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtCreateSection 77F34354 5 Bytes JMP 7D23FA88 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtCreateSemaphore 77F34364 5 Bytes JMP 7D23F7C0 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text 
C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtDeleteFile 77F34644 5 Bytes JMP 7D23242F C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtDeleteKey 77F34654 5 Bytes JMP 7D24355A C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtDeleteValueKey 77F34684 5 Bytes JMP 7D244103 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtDuplicateObject 77F346B4 5 Bytes JMP 7D24E378 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtEnumerateKey 77F346F4 5 Bytes JMP 7D243889 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtEnumerateValueKey 77F34724 5 Bytes JMP 7D243DC4 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtFsControlFile 77F34804 5 Bytes JMP 7D2367FC C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtImpersonateClientOfPort 77F34874 5 Bytes JMP 7D23E2FD C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtLoadDriver 77F348F4 5 Bytes JMP 7D245035 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtLoadKey 77F34904 5 Bytes JMP 7D242287 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtMapViewOfSection 77F349B4 5 Bytes JMP 7D24522F C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtNotifyChangeKey 77F349F4 5 Bytes JMP 7D242A14 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtNotifyChangeMultipleKeys 77F34A04 5 Bytes 
JMP 7D241F42 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtOpenEvent 77F34A24 5 Bytes JMP 7D23F3A3 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtOpenFile 77F34A44 5 Bytes JMP 7D237E88 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtOpenKey 77F34A74 5 Bytes JMP 7D2434EE C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtOpenMutant 77F34A94 5 Bytes JMP 7D23F65C C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtOpenProcess 77F34AC4 5 Bytes JMP 7D24E2B2 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtOpenSection 77F34AF4 5 Bytes JMP 7D23FC04 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtOpenSemaphore 77F34B04 5 Bytes JMP 7D23F924 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtOpenThread 77F34B34 5 Bytes JMP 7D24E32A C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtQueryAttributesFile 77F34BE4 5 Bytes JMP 7D232374 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtQueryDirectoryFile 77F34C44 5 Bytes JMP 7D23690C C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtQueryFullAttributesFile 77F34C94 5 Bytes JMP 7D234584 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtQueryInformationFile 77F34CB4 5 Bytes JMP 7D235FF7 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text 
C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtQueryKey 77F34D44 5 Bytes JMP 7D243570 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtQueryMultipleValueKey 77F34D54 5 Bytes JMP 7D243F0E C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtQuerySecurityObject 77F34DD4 5 Bytes JMP 7D24E43E C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtQuerySystemInformation 77F34E24 5 Bytes JMP 7D251686 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtQueryValueKey 77F34E64 5 Bytes JMP 7D243C06 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtQueryVolumeInformationFile 77F34E84 5 Bytes JMP 7D237048 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtReadFile 77F34EC4 5 Bytes JMP 7D22FC9B C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtRenameKey 77F34F54 5 Bytes JMP 7D242267 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtSaveKey 77F35054 5 Bytes JMP 7D22D84B C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtSecureConnectPort 77F35084 5 Bytes JMP 7D23ED87 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtSetInformationFile 77F35174 5 Bytes JMP 7D237D03 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtSetInformationProcess 77F351B4 5 Bytes JMP 00402050 C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] 
ntdll.dll!NtSetInformationToken 77F351D4 5 Bytes JMP 7D24E664 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtSetSecurityObject 77F35244 5 Bytes JMP 7D24E53D C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtSetValueKey 77F352E4 5 Bytes JMP 7D2428EF C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!NtWriteFile 77F354D4 5 Bytes JMP 7D22FD6A C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!RtlGetFullPathName_U 77F39520 5 Bytes JMP 7D2357D2 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ntdll.dll!RtlCreateProcessParameters 77F66B2C 5 Bytes JMP 7D2468C9 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] kernel32.dll!CreateProcessW 77BD1BF3 5 Bytes JMP 7D24845D C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] kernel32.dll!CreateProcessA 77BD1C28 5 Bytes JMP 7D2481DE C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] kernel32.dll!DefineDosDeviceA 77BD2AFA 5 Bytes JMP 7D23249F C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] kernel32.dll!DefineDosDeviceW 77BE855C 5 Bytes JMP 7D23249F C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] kernel32.dll!CreateActCtxW 77BEC7A9 5 Bytes JMP 7D2533BB C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] kernel32.dll!MoveFileWithProgressW 77BF112C 5 Bytes JMP 7D232477 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] kernel32.dll!CreateFileMappingW 77BF1170 5 Bytes JMP 00402340 
C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] kernel32.dll!WinExec 77C6614F 5 Bytes JMP 7D247386 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] kernel32.dll!SetLocaleInfoA 77C7C7AF 5 Bytes JMP 7D23249F C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] kernel32.dll!SetLocaleInfoW 77C7DF85 5 Bytes JMP 7D23249F C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!StartServiceCtrlDispatcherA 76462036 5 Bytes JMP 7D24B5D0 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!RegisterServiceCtrlHandlerA 7646308C 5 Bytes JMP 7D24A1F0 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!RegisterServiceCtrlHandlerExA 76466678 5 Bytes JMP 7D24A209 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!ReportEventA 76469FD3 5 Bytes JMP 7D24A48C C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!StartServiceA 7646A24D 5 Bytes JMP 7D24CC2D C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 7D247F3A C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!StartServiceCtrlDispatcherW 7646E495 5 Bytes JMP 00401B00 C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!RegisterServiceCtrlHandlerW 7646E988 5 Bytes JMP 7D24A1F0 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!SetServiceStatus 7646F20C 5 Bytes JMP 004019E0 
C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!RegisterServiceCtrlHandlerExW 7646FB59 5 Bytes JMP 7D24A209 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!NotifyServiceStatusChange 76474A82 5 Bytes JMP 7D24B13A C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!RegConnectRegistryW 76474CC8 5 Bytes JMP 7D2286D1 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!ReportEventW 76476047 5 Bytes JMP 7D24A48C C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!RegisterEventSourceW 76478A01 5 Bytes JMP 7D24A420 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!RegisterEventSourceA 7647D306 5 Bytes JMP 7D24A435 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!DeregisterEventSource 76481BCD 5 Bytes JMP 7D238E9D C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 7D247CF2 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!OpenSCManagerA 76482D93 5 Bytes JMP 7D24A521 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!OpenServiceA 76482EBD 5 Bytes JMP 7D24CE2A C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!StartServiceW 76483E0B 5 Bytes JMP 00401D90 C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!QueryServiceStatusEx 76484FFE 5 Bytes JMP 00401C40 
C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!QueryServiceConfigW 764850A4 5 Bytes JMP 7D24BDBD C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!QueryServiceConfigA 764851AD 5 Bytes JMP 7D24BFE2 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!LookupAccountNameW 76485CF5 5 Bytes JMP 7D228624 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!OpenSCManagerW 76487137 5 Bytes JMP 7D24A521 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!CloseServiceHandle 764882A5 5 Bytes JMP 00401C00 C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!OpenServiceW 76488354 5 Bytes JMP 00401B40 C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!QueryServiceStatus 7648842C 5 Bytes JMP 00401D30 C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!SetThreadToken 76488E21 5 Bytes JMP 004020C0 C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!AccessCheckByType 76492DC1 5 Bytes JMP 00402090 C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!GetTokenInformation 764A8069 5 Bytes JMP 00402190 C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!CreateServiceW 764A9EB4 5 Bytes JMP 7D24D332 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!ControlService 764A9FB8 
5 Bytes JMP 00401DF0 C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!DeleteService 764AA07E 5 Bytes JMP 7D24CA6E C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!GetServiceDisplayNameW 764AB0B3 5 Bytes JMP 7D24C387 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!GetServiceKeyNameW 764AB164 5 Bytes JMP 7D24C4BE C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!EnumServicesStatusExA 764AB31B 5 Bytes JMP 7D24D2F3 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!CreateProcessWithTokenW 764C80F7 5 Bytes JMP 7D24820F C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!CredWriteA 764C9DC9 5 Bytes JMP 7D22BF5E C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!CredWriteW 764C9E89 5 Bytes JMP 7D22B9DA C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!CredReadA 764C9F4B 5 Bytes JMP 7D22BFF6 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!CredReadW 764CA031 5 Bytes JMP 7D22BA55 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!CredEnumerateA 764CA121 5 Bytes JMP 7D22C036 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!CredEnumerateW 764CA229 5 Bytes JMP 7D22BD2F C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!CredWriteDomainCredentialsA 764CA331 5 Bytes JMP 7D22BF84 
C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!CredWriteDomainCredentialsW 764CA419 5 Bytes JMP 7D22BB04 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!CredReadDomainCredentialsA 764CA501 5 Bytes JMP 7D22C016 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!CredReadDomainCredentialsW 764CA609 5 Bytes JMP 7D22BBE0 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!CredDeleteA 764CA711 5 Bytes JMP 7D22BFD0 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!CredDeleteW 764CA7C9 5 Bytes JMP 7D22BCF1 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!CredRenameA 764CA881 5 Bytes JMP 7D22BF38 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!RegConnectRegistryA 764E2DE1 5 Bytes JMP 7D2286A0 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!EnumServicesStatusExW 764E6909 5 Bytes JMP 7D24D2B4 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!EnumServicesStatusA 764E6B47 5 Bytes JMP 7D24D287 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!QueryServiceObjectSecurity 764E6C21 5 Bytes JMP 7D24B031 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!SetServiceObjectSecurity 764E6CD9 5 Bytes JMP 7D24B117 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!ChangeServiceConfigA 764E6DD9 5 Bytes JMP 7D24C87B 
C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!ChangeServiceConfigW 764E6F81 5 Bytes JMP 7D24C6BD C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!ChangeServiceConfig2A 764E7099 5 Bytes JMP 7D24CA60 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!ChangeServiceConfig2W 764E71E1 5 Bytes JMP 7D24CA27 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!CreateServiceA 764E72A1 5 Bytes JMP 7D24D50E C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!EnumDependentServicesA 764E7505 5 Bytes JMP 7D24A110 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!EnumDependentServicesW 764E75D9 5 Bytes JMP 7D24A110 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!GetServiceDisplayNameA 764E76B1 5 Bytes JMP 7D24C40A C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!GetServiceKeyNameA 764E7759 5 Bytes JMP 7D24C5B1 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!LockServiceDatabase 764E7801 5 Bytes JMP 7D24A12D C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!QueryServiceConfig2A 764E7891 5 Bytes JMP 7D24C216 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!QueryServiceConfig2W 764E7A19 5 Bytes JMP 7D24C16A C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!QueryServiceLockStatusA 764E7BA1 5 Bytes JMP 7D24A0CC 
C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!QueryServiceLockStatusW 764E7C49 5 Bytes JMP 7D24A0CC C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!UnlockServiceDatabase 764E7CF1 5 Bytes JMP 7D24A153 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ADVAPI32.dll!EnumServicesStatusW 764E7F61 5 Bytes JMP 7D24D25A C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] RPCRT4.dll!RpcBindingInqAuthClientExW 773A73FC 5 Bytes JMP 7D24871D C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!RegisterDeviceNotificationA 779560FE 5 Bytes JMP 7D238E88 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!RegisterClassExA 779561E1 5 Bytes JMP 7D239E8D C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!SetWindowsHookExA 77956322 5 Bytes JMP 7D23C387 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!UnregisterDeviceNotification 77956713 5 Bytes JMP 7D238E9D C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!GetClassNameA 77956853 5 Bytes JMP 7D239953 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!CreateDialogIndirectParamAorW 77957266 5 Bytes JMP 7D23CDEF C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!CreateDialogParamW 779572A2 5 Bytes JMP 7D23CF23 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!EnumDesktopWindows 77957525 5 Bytes JMP 7D23ACDE 
C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!SetWindowsHookExW 779587AD 5 Bytes JMP 7D23C3CF C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!SendNotifyMessageW 779593D6 5 Bytes JMP 7D23BD78 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!MoveWindow 7795989F 5 Bytes JMP 7D238D6D C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!UnhookWindowsHookEx 779598DB 5 Bytes JMP 7D23C144 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!FindWindowA 77959D76 5 Bytes JMP 7D23AE6B C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!SetParent 7795A2AA 5 Bytes JMP 7D238D3D C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!UnregisterClassA 7795BF81 5 Bytes JMP 7D23A0F8 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!RegisterClassExW 7795DA30 5 Bytes JMP 7D239DDA C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!DefWindowProcA 7795DB88 5 Bytes JMP 7D238CB0 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!CreateWindowExA 7795DC2A 5 Bytes JMP 7D238A32 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!RegisterClassA 7795DF42 5 Bytes JMP 7D239FF3 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!RegisterClassW 7795E1AB 5 Bytes JMP 7D239F40 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] 
USER32.dll!SetWindowLongA 7795E7CD 5 Bytes JMP 7D23B75F C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!GetClassInfoExA 7795E7EB 5 Bytes JMP 7D23A1AD C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!GetClassInfoA 7795E97E 5 Bytes JMP 7D23A273 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!GetClassNameW 7795EF2B 5 Bytes JMP 7D23987F C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!EnumThreadWindows 7795F3A8 5 Bytes JMP 7D23ACB2 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!GetWindowTextA 7795F63C 5 Bytes JMP 7D23AAA5 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!FindWindowExA 7795F6C1 5 Bytes JMP 7D23AF89 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!PostMessageA 7795F8F8 5 Bytes JMP 7D23BDBA C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!SendMessageA 7795F956 5 Bytes JMP 7D23BB82 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!EnumChildWindows 7795F9EE 5 Bytes JMP 7D23AC86 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!CreateWindowExW 77961305 5 Bytes JMP 7D238940 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!SetWindowLongW 779613B4 5 Bytes JMP 7D23B6C3 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!GetShellWindow 77962032 5 Bytes JMP 7D23B01E C:\Users\xxx\Desktop\Tools\SbieDll.dll .text 
C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!GetWindowTextW 77962069 5 Bytes JMP 7D23AA7E C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!SendMessageTimeoutW 7796352D 5 Bytes JMP 7D23BCA3 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!SetWindowPos 779635E3 5 Bytes JMP 7D238D9D C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!SetPropW 77963DFC 5 Bytes JMP 7D23B3E1 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!GetClassInfoExW 77967DA7 5 Bytes JMP 7D23A14A C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!GetClassInfoW 77967F13 5 Bytes JMP 7D23A210 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!UnregisterClassW 77967FDE 5 Bytes JMP 7D23A0A6 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!EnumWindows 779682FE 5 Bytes JMP 7D23AC43 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!RemovePropW 77968726 5 Bytes JMP 7D23B459 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!DispatchMessageA 77968B6D 5 Bytes JMP 7D23B9AA C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!GetWindowLongA 77969994 5 Bytes JMP 7D23B55B C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!PostMessageW 7796A175 5 Bytes JMP 7D23BE31 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!FindWindowW 7796A441 5 Bytes JMP 7D23ADE2 
C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!GetWindowLongW 7796F8BF 5 Bytes JMP 7D23B4CB C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!DispatchMessageW 7797021C 5 Bytes JMP 7D23B9E6 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!DefWindowProcW 779703B4 5 Bytes JMP 7D238C60 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!SendMessageW 77970AED 5 Bytes JMP 7D23BBE0 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!GetPropW 77971051 5 Bytes JMP 7D23B33F C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!CreateDialogParamA 779717AA 5 Bytes JMP 7D23CF56 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!CreateDialogIndirectParamA 779726F1 5 Bytes JMP 7D23CEBD C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!CreateDialogIndirectParamW 77979A62 5 Bytes JMP 7D23CE9B C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!SetPropA 7797B191 5 Bytes JMP 7D23B41D C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!RemovePropA 7797B1E9 5 Bytes JMP 7D23B492 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!GetPropA 7797B6F3 3 Bytes JMP 7D23B3A8 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!GetPropA + 4 7797B6F7 1 Byte [05] .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!SendNotifyMessageA 7797DFCF 3 Bytes JMP 
7D23BD36 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!SendNotifyMessageA + 4 7797DFD3 1 Byte [05] .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!SendMessageTimeoutA 77980006 3 Bytes JMP 7D23BC62 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!SendMessageTimeoutA + 4 7798000A 1 Byte [05] .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!DialogBoxParamW 779810B0 3 Bytes JMP 7D23CF89 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!DialogBoxParamW + 4 779810B4 1 Byte [05] .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!FindWindowExW 7798260C 3 Bytes JMP 7D23AEF4 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!FindWindowExW + 4 77982610 1 Byte [05] .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!DialogBoxIndirectParamAorW 77982EB6 3 Bytes JMP 7D23CE4B C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!DialogBoxIndirectParamAorW + 4 77982EBA 1 Byte [05] .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!DialogBoxIndirectParamW 77982EF5 3 Bytes JMP 7D23CEDF C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!DialogBoxIndirectParamW + 4 77982EF9 1 Byte [05] .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!SetDoubleClickTime 77996FCD 5 Bytes JMP 7D238EB0 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!SwapMouseButton 77996FFD 5 Bytes JMP 7D238EB0 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!DialogBoxParamA 77998152 5 Bytes JMP 
7D23CFBC C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!DialogBoxIndirectParamA 7799847D 5 Bytes JMP 7D23CF01 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!EndTask 7799AD32 5 Bytes JMP 7D238E57 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USER32.dll!ExitWindowsEx 7799B7C3 5 Bytes JMP 7D238D00 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] GDI32.dll!EnumFontFamiliesExW 7763BA2E 5 Bytes JMP 7D23876C C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] GDI32.dll!GdiAddFontResourceW 7763D4BF 5 Bytes JMP 7D238396 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] GDI32.dll!EnumFontFamiliesExA 7764F971 5 Bytes JMP 7D238758 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] GDI32.dll!CreateScalableFontResourceW 7765C993 5 Bytes JMP 7D238548 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] GDI32.dll!RemoveFontResourceExW 7765CDE4 5 Bytes JMP 7D23840D C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] GDI32.dll!GetFontResourceInfoW 7765CF50 5 Bytes JMP 7D23847F C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] SHELL32.dll!ShellExecuteExW 7679C15D 5 Bytes JMP 7D25077C C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] SHELL32.dll!SHOpenFolderAndSelectItems 7693D736 5 Bytes JMP 7D2509A4 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ole32.dll!RegisterDragDrop 774EF11D 5 Bytes JMP 7D254BFF C:\Users\xxx\Desktop\Tools\SbieDll.dll .text 
C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ole32.dll!CoMarshalInterface 774F78AE 5 Bytes JMP 7D22984C C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ole32.dll!CoUnmarshalInterface 774FB0F0 5 Bytes JMP 7D22AF65 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ole32.dll!CoGetClassObject 7750FAE8 5 Bytes JMP 7D22ACDC C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ole32.dll!CoCreateInstance 77529F3E 5 Bytes JMP 7D22AD79 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ole32.dll!CoCreateInstanceEx 77529F81 5 Bytes JMP 7D22AE2A C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] ole32.dll!RevokeDragDrop 7754BA2B 5 Bytes JMP 7D254C87 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USERENV.dll!RegisterGPNotification 76314485 5 Bytes JMP 7D25429C C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] USERENV.dll!UnregisterGPNotification 76316253 5 Bytes JMP 7D238E9D C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] Secur32.dll!LsaRegisterLogonProcess 762F7315 5 Bytes JMP 7D245A7B C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] WS2_32.dll!connect 766E40D9 5 Bytes JMP 7D24625B C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] WS2_32.dll!WSANSPIoctl 766E9E1F 5 Bytes JMP 7D24619A C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] WS2_32.dll!WSAConnect 766ED7B0 5 Bytes JMP 7D246280 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] 
CRYPT32.dll!CertGetCertificateChain 75DE83D7 5 Bytes JMP 7D22C69C C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] CRYPT32.dll!CryptUnprotectData 75E046B2 5 Bytes JMP 7D22C33A C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieDcomLaunch.exe[612] CRYPT32.dll!CryptProtectData 75E048C7 5 Bytes JMP 7D22C502 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!RtlAdjustPrivilege 77EEAB02 5 Bytes JMP 004022B3 C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!LdrLoadDll 77EF9378 5 Bytes JMP 7D244EB0 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!RtlSetCurrentDirectory_U 77EFDD00 5 Bytes JMP 7D236FCF C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!RtlCreateProcessParametersEx 77EFDFE3 5 Bytes JMP 7D2468FC C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!RtlQueryElevationFlags 77EFE401 5 Bytes JMP 7D24E6C1 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!RtlGetCurrentDirectory_U 77F04BF5 5 Bytes JMP 7D236D9B C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!LdrUnloadDll 77F0B680 5 Bytes JMP 7D244F92 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtAdjustPrivilegesToken 77F33F64 5 Bytes JMP 7D24E694 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtAlpcConnectPort 77F33FF4 5 Bytes JMP 7D23F05C C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtAlpcCreatePort 77F34004 5 Bytes JMP 7D23EF32 
C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtAlpcImpersonateClientOfPort 77F340A4 5 Bytes JMP 7D23E323 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtAlpcQueryInformation 77F340D4 5 Bytes JMP 7D23E198 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtAlpcQueryInformationMessage 77F340E4 5 Bytes JMP 7D23E1C2 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtClose 77F341A4 5 Bytes JMP 7D236B60 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtConnectPort 77F34204 5 Bytes JMP 7D23EC14 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtCreateEvent 77F34244 5 Bytes JMP 7D23F23F C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtCreateFile 77F34264 5 Bytes JMP 7D2372AF C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtCreateKey 77F342A4 5 Bytes JMP 7D242BFE C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtCreateMailslotFile 77F342C4 5 Bytes JMP 7D234F7C C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtCreateMutant 77F342D4 5 Bytes JMP 7D23F507 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtCreateNamedPipeFile 77F342E4 5 Bytes JMP 7D2350AB C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtCreatePort 77F34314 5 Bytes JMP 7D23EADB C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtCreateSection 77F34354 5 Bytes 
JMP 7D23FA88 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtCreateSemaphore 77F34364 5 Bytes JMP 7D23F7C0 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtDeleteFile 77F34644 5 Bytes JMP 7D23242F C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtDeleteKey 77F34654 5 Bytes JMP 7D24355A C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtDeleteValueKey 77F34684 5 Bytes JMP 7D244103 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtDuplicateObject 77F346B4 5 Bytes JMP 7D24E378 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtEnumerateKey 77F346F4 5 Bytes JMP 7D243889 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtEnumerateValueKey 77F34724 5 Bytes JMP 7D243DC4 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtFsControlFile 77F34804 5 Bytes JMP 7D2367FC C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtImpersonateClientOfPort 77F34874 5 Bytes JMP 7D23E2FD C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtLoadDriver 77F348F4 5 Bytes JMP 7D245035 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtLoadKey 77F34904 5 Bytes JMP 7D242287 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtMapViewOfSection 77F349B4 5 Bytes JMP 7D24522F C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtNotifyChangeKey 77F349F4 5 Bytes JMP 
7D242A14 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtNotifyChangeMultipleKeys 77F34A04 5 Bytes JMP 7D241F42 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtOpenEvent 77F34A24 5 Bytes JMP 7D23F3A3 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtOpenFile 77F34A44 5 Bytes JMP 7D237E88 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtOpenKey 77F34A74 5 Bytes JMP 7D2434EE C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtOpenMutant 77F34A94 5 Bytes JMP 7D23F65C C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtOpenProcess 77F34AC4 5 Bytes JMP 7D24E2B2 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtOpenSection 77F34AF4 5 Bytes JMP 7D23FC04 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtOpenSemaphore 77F34B04 5 Bytes JMP 7D23F924 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtOpenThread 77F34B34 5 Bytes JMP 7D24E32A C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtQueryAttributesFile 77F34BE4 5 Bytes JMP 7D232374 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtQueryDirectoryFile 77F34C44 5 Bytes JMP 7D23690C C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtQueryFullAttributesFile 77F34C94 5 Bytes JMP 7D234584 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtQueryInformationFile 77F34CB4 5 Bytes 
JMP 7D235FF7 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtQueryKey 77F34D44 5 Bytes JMP 7D243570 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtQueryMultipleValueKey 77F34D54 5 Bytes JMP 7D243F0E C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtQuerySecurityObject 77F34DD4 5 Bytes JMP 7D24E43E C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtQuerySystemInformation 77F34E24 5 Bytes JMP 7D251686 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtQueryValueKey 77F34E64 5 Bytes JMP 7D243C06 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtQueryVolumeInformationFile 77F34E84 5 Bytes JMP 7D237048 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtReadFile 77F34EC4 5 Bytes JMP 7D22FC9B C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtRenameKey 77F34F54 5 Bytes JMP 7D242267 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtSaveKey 77F35054 5 Bytes JMP 7D22D84B C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtSecureConnectPort 77F35084 5 Bytes JMP 7D23ED87 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtSetInformationFile 77F35174 5 Bytes JMP 7D237D03 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtSetInformationProcess 77F351B4 5 Bytes JMP 004022E0 C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] 
ntdll.dll!NtSetInformationToken 77F351D4 5 Bytes JMP 7D24E664 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtSetSecurityObject 77F35244 5 Bytes JMP 7D24E53D C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtSetValueKey 77F352E4 5 Bytes JMP 7D2428EF C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!NtWriteFile 77F354D4 5 Bytes JMP 7D22FD6A C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!RtlGetFullPathName_U 77F39520 5 Bytes JMP 7D2357D2 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ntdll.dll!RtlCreateProcessParameters 77F66B2C 5 Bytes JMP 7D2468C9 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] kernel32.dll!CreateProcessW 77BD1BF3 5 Bytes JMP 7D24845D C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] kernel32.dll!CreateProcessA 77BD1C28 5 Bytes JMP 7D2481DE C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] kernel32.dll!DefineDosDeviceA 77BD2AFA 5 Bytes JMP 7D23249F C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] kernel32.dll!DefineDosDeviceW 77BE855C 5 Bytes JMP 7D23249F C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] kernel32.dll!CreateActCtxW 77BEC7A9 5 Bytes JMP 7D2533BB C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] kernel32.dll!MoveFileWithProgressW 77BF112C 5 Bytes JMP 7D232477 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] kernel32.dll!CreateFileMappingW 77BF1170 5 Bytes JMP 00402568 C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe .text 
C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] kernel32.dll!WinExec 77C6614F 5 Bytes JMP 7D247386 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] kernel32.dll!SetLocaleInfoA 77C7C7AF 5 Bytes JMP 7D23249F C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] kernel32.dll!SetLocaleInfoW 77C7DF85 5 Bytes JMP 7D23249F C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!StartServiceCtrlDispatcherA 76462036 5 Bytes JMP 7D24B5D0 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!RegisterServiceCtrlHandlerA 7646308C 5 Bytes JMP 7D24A1F0 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!RegisterServiceCtrlHandlerExA 76466678 5 Bytes JMP 7D24A209 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!ReportEventA 76469FD3 5 Bytes JMP 7D24A48C C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!StartServiceA 7646A24D 5 Bytes JMP 7D24CC2D C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 7D247F3A C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!StartServiceCtrlDispatcherW 7646E495 5 Bytes JMP 00401E70 C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!RegisterServiceCtrlHandlerW 7646E988 5 Bytes JMP 7D24A1F0 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!SetServiceStatus 7646F20C 5 Bytes JMP 00401D74 C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] 
ADVAPI32.dll!RegisterServiceCtrlHandlerExW 7646FB59 5 Bytes JMP 7D24A209 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!NotifyServiceStatusChange 76474A82 5 Bytes JMP 7D24B13A C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!RegConnectRegistryW 76474CC8 5 Bytes JMP 7D2286D1 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!ReportEventW 76476047 5 Bytes JMP 7D24A48C C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!RegisterEventSourceW 76478A01 5 Bytes JMP 7D24A420 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!RegisterEventSourceA 7647D306 5 Bytes JMP 7D24A435 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!DeregisterEventSource 76481BCD 5 Bytes JMP 7D238E9D C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 7D247CF2 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!OpenSCManagerA 76482D93 5 Bytes JMP 7D24A521 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!OpenServiceA 76482EBD 5 Bytes JMP 7D24CE2A C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!StartServiceW 76483E0B 5 Bytes JMP 00402068 C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!QueryServiceStatusEx 76484FFE 5 Bytes JMP 00401F5C C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!QueryServiceConfigW 764850A4 5 Bytes JMP 7D24BDBD 
C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!QueryServiceConfigA 764851AD 5 Bytes JMP 7D24BFE2 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!LookupAccountNameW 76485CF5 5 Bytes JMP 7D228624 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!OpenSCManagerW 76487137 5 Bytes JMP 7D24A521 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!CloseServiceHandle 764882A5 5 Bytes JMP 00401F2C C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!OpenServiceW 76488354 5 Bytes JMP 00401E99 C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!QueryServiceStatus 7648842C 5 Bytes JMP 00402014 C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!SetThreadToken 76488E21 5 Bytes JMP 00402333 C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!AccessCheckByType 76492DC1 5 Bytes JMP 0040230D C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!RegQueryValueExW 764A765E 5 Bytes JMP 0040275E C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!OpenThreadToken 764A779D 5 Bytes JMP 0040268A C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!RegOpenKeyExW 764A7BA1 5 Bytes JMP 004026D7 C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!GetTokenInformation 764A8069 5 Bytes JMP 004023DE C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe .text 
C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!CreateServiceW 764A9EB4 5 Bytes JMP 7D24D332 |
10.01.2014, 16:05 | #3 |
| Browsers load extremely slowly ...
__________________Edited by bärtiger (10.01.2014 at 16:13) |
10.01.2014, 16:10 | #4 |
| Browsers load extremely slowly and the rest Code:
ATTFilter C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!ControlService 764A9FB8 5 Bytes JMP 004020A8 C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!DeleteService 764AA07E 5 Bytes JMP 7D24CA6E C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!GetServiceDisplayNameW 764AB0B3 5 Bytes JMP 7D24C387 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!GetServiceKeyNameW 764AB164 5 Bytes JMP 7D24C4BE C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!EnumServicesStatusExA 764AB31B 5 Bytes JMP 7D24D2F3 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!CreateProcessWithTokenW 764C80F7 5 Bytes JMP 7D24820F C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!CredWriteA 764C9DC9 5 Bytes JMP 7D22BF5E C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!CredWriteW 764C9E89 5 Bytes JMP 7D22B9DA C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!CredReadA 764C9F4B 5 Bytes JMP 7D22BFF6 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!CredReadW 764CA031 5 Bytes JMP 7D22BA55 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!CredEnumerateA 764CA121 5 Bytes JMP 7D22C036 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!CredEnumerateW 764CA229 5 Bytes JMP 7D22BD2F C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] 
ADVAPI32.dll!CredWriteDomainCredentialsA 764CA331 5 Bytes JMP 7D22BF84 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!CredWriteDomainCredentialsW 764CA419 5 Bytes JMP 7D22BB04 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!CredReadDomainCredentialsA 764CA501 5 Bytes JMP 7D22C016 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!CredReadDomainCredentialsW 764CA609 5 Bytes JMP 7D22BBE0 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!CredDeleteA 764CA711 5 Bytes JMP 7D22BFD0 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!CredDeleteW 764CA7C9 5 Bytes JMP 7D22BCF1 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!CredRenameA 764CA881 5 Bytes JMP 7D22BF38 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!RegConnectRegistryA 764E2DE1 5 Bytes JMP 7D2286A0 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!EnumServicesStatusExW 764E6909 5 Bytes JMP 7D24D2B4 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!EnumServicesStatusA 764E6B47 5 Bytes JMP 7D24D287 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!QueryServiceObjectSecurity 764E6C21 5 Bytes JMP 7D24B031 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!SetServiceObjectSecurity 764E6CD9 5 Bytes JMP 7D24B117 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!ChangeServiceConfigA 764E6DD9 5 Bytes JMP 
7D24C87B C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!ChangeServiceConfigW 764E6F81 5 Bytes JMP 7D24C6BD C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!ChangeServiceConfig2A 764E7099 5 Bytes JMP 7D24CA60 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!ChangeServiceConfig2W 764E71E1 5 Bytes JMP 7D24CA27 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!CreateServiceA 764E72A1 5 Bytes JMP 7D24D50E C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!EnumDependentServicesA 764E7505 5 Bytes JMP 7D24A110 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!EnumDependentServicesW 764E75D9 5 Bytes JMP 7D24A110 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!GetServiceDisplayNameA 764E76B1 5 Bytes JMP 7D24C40A C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!GetServiceKeyNameA 764E7759 5 Bytes JMP 7D24C5B1 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!LockServiceDatabase 764E7801 5 Bytes JMP 7D24A12D C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!QueryServiceConfig2A 764E7891 5 Bytes JMP 7D24C216 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!QueryServiceConfig2W 764E7A19 5 Bytes JMP 7D24C16A C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!QueryServiceLockStatusA 764E7BA1 5 Bytes JMP 7D24A0CC C:\Users\xxx\Desktop\Tools\SbieDll.dll .text 
C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!QueryServiceLockStatusW 764E7C49 5 Bytes JMP 7D24A0CC C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!UnlockServiceDatabase 764E7CF1 5 Bytes JMP 7D24A153 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] ADVAPI32.dll!EnumServicesStatusW 764E7F61 5 Bytes JMP 7D24D25A C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] RPCRT4.dll!RpcBindingInqAuthClientExW 773A73FC 5 Bytes JMP 7D24871D C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!RegisterDeviceNotificationA 779560FE 5 Bytes JMP 7D238E88 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!RegisterClassExA 779561E1 5 Bytes JMP 7D239E8D C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!SetWindowsHookExA 77956322 5 Bytes JMP 7D23C387 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!UnregisterDeviceNotification 77956713 5 Bytes JMP 7D238E9D C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!GetClassNameA 77956853 5 Bytes JMP 7D239953 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!CreateDialogIndirectParamAorW 77957266 5 Bytes JMP 7D23CDEF C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!CreateDialogParamW 779572A2 5 Bytes JMP 7D23CF23 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!EnumDesktopWindows 77957525 5 Bytes JMP 7D23ACDE C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] 
USER32.dll!SetWindowsHookExW 779587AD 5 Bytes JMP 7D23C3CF C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!SendNotifyMessageW 779593D6 5 Bytes JMP 7D23BD78 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!MoveWindow 7795989F 5 Bytes JMP 7D238D6D C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!UnhookWindowsHookEx 779598DB 5 Bytes JMP 7D23C144 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!FindWindowA 77959D76 5 Bytes JMP 7D23AE6B C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!SetParent 7795A2AA 5 Bytes JMP 7D238D3D C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!UnregisterClassA 7795BF81 5 Bytes JMP 7D23A0F8 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!RegisterClassExW 7795DA30 5 Bytes JMP 7D239DDA C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!DefWindowProcA 7795DB88 5 Bytes JMP 7D238CB0 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!CreateWindowExA 7795DC2A 5 Bytes JMP 7D238A32 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!RegisterClassA 7795DF42 5 Bytes JMP 7D239FF3 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!RegisterClassW 7795E1AB 5 Bytes JMP 7D239F40 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!SetWindowLongA 7795E7CD 5 Bytes JMP 7D23B75F C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] 
USER32.dll!GetClassInfoExA 7795E7EB 5 Bytes JMP 7D23A1AD C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!GetClassInfoA 7795E97E 5 Bytes JMP 7D23A273 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!GetClassNameW 7795EF2B 5 Bytes JMP 7D23987F C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!EnumThreadWindows 7795F3A8 5 Bytes JMP 7D23ACB2 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!GetWindowTextA 7795F63C 5 Bytes JMP 7D23AAA5 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!FindWindowExA 7795F6C1 5 Bytes JMP 7D23AF89 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!PostMessageA 7795F8F8 5 Bytes JMP 7D23BDBA C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!SendMessageA 7795F956 5 Bytes JMP 7D23BB82 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!EnumChildWindows 7795F9EE 5 Bytes JMP 7D23AC86 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!CreateWindowExW 77961305 5 Bytes JMP 7D238940 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!SetWindowLongW 779613B4 5 Bytes JMP 7D23B6C3 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!GetShellWindow 77962032 5 Bytes JMP 7D23B01E C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!GetWindowTextW 77962069 5 Bytes JMP 7D23AA7E C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] 
USER32.dll!SendMessageTimeoutW 7796352D 5 Bytes JMP 7D23BCA3 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!SetWindowPos 779635E3 5 Bytes JMP 7D238D9D C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!SetPropW 77963DFC 5 Bytes JMP 7D23B3E1 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!GetClassInfoExW 77967DA7 5 Bytes JMP 7D23A14A C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!GetClassInfoW 77967F13 5 Bytes JMP 7D23A210 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!UnregisterClassW 77967FDE 5 Bytes JMP 7D23A0A6 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!EnumWindows 779682FE 5 Bytes JMP 7D23AC43 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!RemovePropW 77968726 5 Bytes JMP 7D23B459 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!DispatchMessageA 77968B6D 5 Bytes JMP 7D23B9AA C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!GetWindowLongA 77969994 5 Bytes JMP 7D23B55B C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!PostMessageW 7796A175 5 Bytes JMP 7D23BE31 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!FindWindowW 7796A441 5 Bytes JMP 7D23ADE2 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!GetWindowLongW 7796F8BF 5 Bytes JMP 7D23B4CB C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] 
USER32.dll!DispatchMessageW 7797021C 5 Bytes JMP 7D23B9E6 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!DefWindowProcW 779703B4 5 Bytes JMP 7D238C60 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!SendMessageW 77970AED 5 Bytes JMP 7D23BBE0 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!GetPropW 77971051 5 Bytes JMP 7D23B33F C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!CreateDialogParamA 779717AA 5 Bytes JMP 7D23CF56 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!CreateDialogIndirectParamA 779726F1 5 Bytes JMP 7D23CEBD C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!CreateDialogIndirectParamW 77979A62 5 Bytes JMP 7D23CE9B C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!SetPropA 7797B191 5 Bytes JMP 7D23B41D C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!RemovePropA 7797B1E9 5 Bytes JMP 7D23B492 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!GetPropA 7797B6F3 3 Bytes JMP 7D23B3A8 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!GetPropA + 4 7797B6F7 1 Byte [05] .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!SendNotifyMessageA 7797DFCF 3 Bytes JMP 7D23BD36 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!SendNotifyMessageA + 4 7797DFD3 1 Byte [05] .text C:\Users\xxx\Desktop\Tools\SandboxieRpcSs.exe[2668] USER32.dll!SendMessageTimeoutA 77980006 3 Bytes JMP 7D23BC62 
Bytes JMP 7D25077C C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\AppData\Local\temp\D\launcher.exe[2800] SHELL32.dll!SHOpenFolderAndSelectItems 7693D736 5 Bytes JMP 7D2509A4 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\AppData\Local\temp\D\launcher.exe[2800] ole32.dll!RegisterDragDrop 774EF11D 5 Bytes JMP 7D254BFF C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\AppData\Local\temp\D\launcher.exe[2800] ole32.dll!CoMarshalInterface 774F78AE 5 Bytes JMP 7D22984C C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\AppData\Local\temp\D\launcher.exe[2800] ole32.dll!CoUnmarshalInterface 774FB0F0 5 Bytes JMP 7D22AF65 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\AppData\Local\temp\D\launcher.exe[2800] ole32.dll!CoGetClassObject 7750FAE8 5 Bytes JMP 7D22ACDC C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\AppData\Local\temp\D\launcher.exe[2800] ole32.dll!CoCreateInstance 77529F3E 5 Bytes JMP 7D22AD79 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\AppData\Local\temp\D\launcher.exe[2800] ole32.dll!CoCreateInstanceEx 77529F81 5 Bytes JMP 7D22AE2A C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\AppData\Local\temp\D\launcher.exe[2800] ole32.dll!RevokeDragDrop 7754BA2B 5 Bytes JMP 7D254C87 C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\AppData\Local\temp\D\launcher.exe[2800] USERENV.dll!RegisterGPNotification 76314485 5 Bytes JMP 7D25429C C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\AppData\Local\temp\D\launcher.exe[2800] USERENV.dll!UnregisterGPNotification 76316253 5 Bytes JMP 7D238E9D C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\AppData\Local\temp\D\launcher.exe[2800] Secur32.dll!LsaRegisterLogonProcess 762F7315 5 Bytes JMP 7D245A7B C:\Users\xxx\Desktop\Tools\SbieDll.dll .text C:\Users\xxx\AppData\Local\temp\D\launcher.exe[2800] WS2_32.dll!connect 766E40D9 5 Bytes JMP 7D24625B C:\Users\xxx\Desktop\Tools\SbieDll.dll .text 
C:\Users\xxx\AppData\Local\temp\D\launcher.exe[2800] WS2_32.dll!WSANSPIoctl 766E9E1F 5 Bytes JMP 7D24619A C:\Users\xxx\Desktop\Tools\SbieDll.dll
.text C:\Users\xxx\AppData\Local\temp\D\launcher.exe[2800] WS2_32.dll!WSAConnect 766ED7B0 5 Bytes JMP 7D246280 C:\Users\xxx\Desktop\Tools\SbieDll.dll

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 hotcore3.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd3e0d6
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd65b4f
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd6642e
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB3 0xAC 0x81 0x33 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x98 0xBE 0x4E 0xDC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x97 0x7E 0x19 0xF8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4cd3e0d6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4cd65b4f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4cd6642e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB3 0xAC 0x81 0x33 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x98 0xBE 0x4E 0xDC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x97 0x7E 0x19 0xF8 ...

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Regards |
17.01.2014, 22:19 | #5 |
| Browsers load extremely slowly Does really nobody have any idea how I can solve this problem? In the meantime I have noticed that I can open some pages normally, while others no longer open at all. I am really at a loss and would very much appreciate some support! |
07.09.2014, 14:40 | #6 |
Administrator /// technical service | Browsers load extremely slowly Hello, unfortunately your thread was overlooked for (technical reasons). Because there were several replies in your thread, it was mistakenly classified as 'already being handled'. We apologize for this. We try to answer everyone seeking help within a short time and to offer solutions to the problem. If necessary, please create a new thread so that a team member can take care of your problem. For everyone seeking help! What do I need to consider before opening a thread? Thank you for your understanding. |