Log analysis and evaluation: Strange script (www.xlbz.com) on ALL pages in Chrome (Windows 7)

#1
Strange script (www.xlbz.com) on ALL pages in Chrome

Hello, I recently installed a script blocker in Chrome and noticed that one and the same script is executed on every page. The script is called "www.xlbz.com". Since that seemed odd to me, I put the script on the blacklist for now. Via Google I only found this page: hxxp://www.xlbz.com/. In connection with "xlbz", Google also returns this result: "Trojan-GameThief.Win32.OnLineGames.xlbz" (whether that has anything to do with the script, I don't know). I ran MBAM, with no result. In other browsers this script is not executed. So I thought I'd better have it checked. If this is a false alarm, I apologize in advance. I followed the instructions. Here are the results (I had to attach FRST, because the post as a whole was too large):

defogger:
Code:
```
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 06:09 on 14/11/2014 (Jaq)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
```

ADDITION:
Code:
```
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-11-2014 02
Ran by Jaq at 2014-11-14 06:26:12
Running from C:\Users\Jaq\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Clear Sky Complete (HKLM-x32\...\{Clear Sky Complete v1.1.3}}_is1) (Version: - )
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DiRT Showdown (HKLM-x32\...\Steam App 201700) (Version: - Codemasters Racing Studio)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
Druckerdeinstallation für EPSON BX305 Series (HKLM\...\EPSON BX305 Series) (Version: - SEIKO EPSON Corporation)
EPSON BX305 Series Handbuch (HKLM-x32\...\EPSON BX305 Series Manual) (Version: - )
EPSON BX305 Series Netzwerk-Handbuch (HKLM-x32\...\EPSON BX305 Series Network Guide) (Version: - )
Epson Easy Photo Print 2 (HKLM-x32\...\{310C1558-F6B5-4889-98B0-7471966BA7F2}) (Version: 2.2.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3a - SEIKO EPSON CORPORATION)
F.E.A.R. 3 (HKLM-x32\...\Steam App 21100) (Version: - Day 1 Studios)
Full Combat Rebalance 2 version 1.2 (HKLM-x32\...\Full Combat Rebalance 2_is1) (Version: 1.2 - Andrzej Kwiatkowski)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{94A137EA-92EF-441C-A7E2-6757CC08EA82}) (Version: 5.0.10.2907 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.34 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.20 - Intel(R) Corporation) Hidden
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.266 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.266 - LogMeIn, Inc.) Hidden
Mafia II (HKLM-x32\...\Steam App 50130) (Version: - 2K Czech)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla)
MSI Live Update (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.010 - MSI)
MyFreeCodec (HKU\S-1-5-21-297726166-2549663330-3191474699-1000\...\MyFreeCodec) (Version: - )
NVIDIA 3D Vision Controller-Treiber 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.65 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Perixx Gaming mouse version 1.0.6 (HKLM-x32\...\{2F606408-495F-4772-A3A7-BE0A31C4B261}_is1) (Version: 1.0.6 - )
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-297726166-2549663330-3191474699-1000\...\SOE-PlanetSide 2) (Version: - Sony Online Entertainment)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.0 - Power Software Ltd)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.42.1045 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden
Rapture3D 2.4.11 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)
Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.)
Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
The Evil Within Demo (HKLM-x32\...\Steam App 329960) (Version: - Tango Gameworks)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD Projekt RED)
Thunder Master v1.9 (HKLM-x32\...\{EE04522C-0814-4B63-AE57-0B63E5A355BB}_is1) (Version: 1.9.5.0 - Palit Microsystems Ltd.)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.7.2 - Electronic Arts)
Trine (HKLM-x32\...\Steam App 35700) (Version: - Frozenbyte)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.3 - VMware, Inc)
VMware Player (Version: 6.0.3 - VMware, Inc.) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Wolfenstein The New Order German Edition [Full Uncut] 1.0.0.1 (HKLM-x32\...\Wolfenstein The New Order German Edition [Full Uncut] 1.0.0.1) (Version: - )
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version: - Firaxis Games)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

11-11-2014 11:24:56 DirectX wurde installiert
13-11-2014 02:03:38 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B1DBA1B-961E-4DD3-B750-70E279B9ACCD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-10] (Google Inc.)
Task: {BF70730C-613D-4132-B0B5-33921E81EC46} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {F8E7372A-43BC-4E01-9757-758CB90549A0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-10] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-10 05:34 - 2014-11-03 23:02 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-25 15:01 - 2014-08-25 15:01 - 00209712 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2014-08-25 15:01 - 2014-08-25 15:01 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2014-08-25 15:01 - 2014-08-25 15:01 - 00037168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-08-25 15:01 - 2014-08-25 15:01 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTEncryptionCheck.dll
2014-04-17 10:02 - 2014-04-17 10:02 - 00300544 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2014-09-27 09:51 - 2005-07-18 12:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2014-08-29 07:39 - 2014-11-11 19:48 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 07:39 - 2014-11-11 19:48 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 07:39 - 2014-11-11 19:48 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-10 06:22 - 2014-11-11 19:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-08-10 06:22 - 2014-11-12 02:04 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 07:39 - 2014-11-11 19:48 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 07:39 - 2014-11-11 19:48 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-08-10 06:22 - 2014-11-12 02:04 - 00690880 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-08-14 12:15 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-14 12:15 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-14 12:15 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-06-12 17:22 - 2014-06-12 17:22 - 01261272 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2014-08-14 12:15 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-14 12:15 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-08-10 06:22 - 2014-11-11 19:48 - 34589888 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-10 06:29 - 2013-09-17 02:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 01135616 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00656896 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00105472 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMCDP.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00098816 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\FolderCDP.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00077312 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MetadataFramework.dll
2012-01-05 21:40 - 2012-01-05 21:40 - 00520234 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\sqlite3.dll
2012-01-05 21:40 - 2012-01-05 21:40 - 00450560 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MoodExtractor.dll
2012-01-05 21:40 - 2012-01-05 21:40 - 05717504 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00029184 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AutoChaptering.dll
2012-01-05 21:40 - 2012-01-05 21:40 - 00147456 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexpat.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoThumb.dll
2012-01-05 21:40 - 2012-01-05 21:40 - 04671488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avcodec-52.dll
2012-01-05 21:40 - 2012-01-05 21:40 - 00070656 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avutil-50.dll
2012-01-05 21:40 - 2012-01-05 21:40 - 00686080 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avformat-52.dll
2012-01-05 21:40 - 2012-01-05 21:40 - 00152064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\swscale-0.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00027648 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AudioExtractor.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00063488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ID3Driver.dll
2012-01-05 21:40 - 2012-01-05 21:40 - 00366592 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\tag.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00289792 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libThumbnail.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00023040 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoExtractor.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00133120 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00290304 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libKeyFrame.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ImageExtractor.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\photoDriver.dll
2012-01-05 21:40 - 2012-01-05 21:40 - 00399826 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00013824 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\TextExtractor.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00031232 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\Autobackup.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00054784 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll
2012-01-05 21:40 - 2012-01-05 21:40 - 00044032 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\us.dll
2014-10-28 14:30 - 2014-10-22 05:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-28 14:30 - 2014-10-22 05:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-28 14:30 - 2014-10-22 05:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 14:30 - 2014-10-22 05:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-08-15 06:16 - 2014-11-11 19:48 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AllShareAgent => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: ISCT Tray => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
MSCONFIG\startupreg: Live Update => C:\Program Files (x86)\MSI\Live Update\Live Update.exe /REMINDER
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Ocs_SM => C:\Users\Jaq\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
MSCONFIG\startupreg: trustGTX14 => "C:\Program Files (x86)\Trust\GXT14 Mouse\POINTERGHOST.exe" showhide

========================= Accounts: ==========================

Administrator (S-1-5-21-297726166-2549663330-3191474699-500 - Administrator - Disabled)
Gast (S-1-5-21-297726166-2549663330-3191474699-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-297726166-2549663330-3191474699-1005 - Limited - Enabled)
Jaq (S-1-5-21-297726166-2549663330-3191474699-1000 - Administrator - Enabled) => C:\Users\Jaq

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/13/2014 03:06:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SDQuarantine.exe, Version 2.4.40.103 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: ec0
Startzeit: 01cfff4646763a75
Endzeit: 10
Anwendungspfad: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDQuarantine.exe
Berichts-ID:

Error: (11/13/2014 02:32:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SDQuarantine.exe, Version 2.4.40.103 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 4d0
Startzeit: 01cfff4604f95f93
Endzeit: 10
Anwendungspfad: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDQuarantine.exe
Berichts-ID:

Error: (11/13/2014 02:30:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SDQuarantine.exe, Version 2.4.40.103 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: cc4
Startzeit: 01cfff4532a59be7
Endzeit: 0
Anwendungspfad: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDQuarantine.exe
Berichts-ID:

Error: (11/11/2014 00:24:47 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNetworkStreamService did not shut down when asked, terminating. [0]

Error: (11/10/2014 03:13:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm witcher2.EXE, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1560
Startzeit: 01cffceb59804d82
Endzeit: 120
Anwendungspfad: C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\bin\witcher2.EXE
Berichts-ID:

Error: (11/10/2014 06:07:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm witcher2.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1adc
Startzeit: 01cffca3e62f8165
Endzeit: 23
Anwendungspfad: C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\bin\witcher2.exe
Berichts-ID:

Error: (11/10/2014 06:06:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm witcher2.EXE, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1670
Startzeit: 01cffca3e76d0cf3
Endzeit: 0
Anwendungspfad: C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\bin\witcher2.EXE
Berichts-ID:

Error: (11/10/2014 05:59:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm witcher2.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: df0
Startzeit: 01cffca29ff5e4cb
Endzeit: 31
Anwendungspfad: C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\bin\witcher2.exe
Berichts-ID:

Error: (11/10/2014 05:59:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm witcher2.EXE, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1b40
Startzeit: 01cffca2a2d8e8d7
Endzeit: 4
Anwendungspfad: C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\bin\witcher2.EXE
Berichts-ID:

Error: (10/29/2014 01:41:54 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Volume "(C:)" wurde aufgrund eines Fehlers nicht defragmentiert: Die Startoptimierung konnte aufgrund fehlenden Speicherplatzes nicht abgeschlossen werden. (0x89000019)


System errors:
=============
Error: (11/14/2014 05:05:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/14/2014 05:05:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.

Error: (11/14/2014 05:04:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/14/2014 05:04:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (11/13/2014 05:16:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.

Error: (11/13/2014 05:16:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computerbrowser" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/13/2014 05:16:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Browser erreicht.

Error: (11/13/2014 00:39:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/13/2014 00:39:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (11/13/2014 00:36:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (11/13/2014 03:06:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SDQuarantine.exe2.4.40.103ec001cfff4646763a7510C:\Program Files (x86)\Spybot - Search & Destroy 2\SDQuarantine.exe

Error: (11/13/2014 02:32:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SDQuarantine.exe2.4.40.1034d001cfff4604f95f9310C:\Program Files (x86)\Spybot - Search & Destroy 2\SDQuarantine.exe

Error: (11/13/2014 02:30:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SDQuarantine.exe2.4.40.103cc401cfff4532a59be70C:\Program Files (x86)\Spybot - Search & Destroy 2\SDQuarantine.exe

Error: (11/11/2014 00:24:47 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNetworkStreamService did not shut down when asked, terminating. [0]

Error: (11/10/2014 03:13:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: witcher2.EXE0.0.0.0156001cffceb59804d82120C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\bin\witcher2.EXE

Error: (11/10/2014 06:07:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: witcher2.exe0.0.0.01adc01cffca3e62f816523C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\bin\witcher2.exe

Error: (11/10/2014 06:06:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: witcher2.EXE0.0.0.0167001cffca3e76d0cf30C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\bin\witcher2.EXE

Error: (11/10/2014 05:59:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: witcher2.exe0.0.0.0df001cffca29ff5e4cb31C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\bin\witcher2.exe

Error: (11/10/2014 05:59:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: witcher2.EXE0.0.0.01b4001cffca2a2d8e8d74C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\bin\witcher2.EXE

Error: (10/29/2014 01:41:54 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: (C:)Die Startoptimierung konnte aufgrund fehlenden Speicherplatzes nicht abgeschlossen werden. (0x89000019)


CodeIntegrity Errors:
===================================
  Date: 2014-10-09 05:02:50.185
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\MBWrp64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-09 05:02:50.122
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\MBWrp64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-09 05:02:35.655
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\MBWrp64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-09 05:02:35.493
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\MBWrp64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-09 04:59:39.040
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\MBWrp64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-09 04:59:38.968
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\MBWrp64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-09 04:58:03.221
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\MBWrp64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-09 04:58:03.150
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\MBWrp64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-09 04:56:13.197
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\MBWrp64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-09 04:56:13.120
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\MBWrp64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
```
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 48%
Total physical RAM: 8135.95 MB
Available physical RAM: 4165.19 MB
Total Pagefile: 16270.08 MB
Available Pagefile: 11194.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:335.35 GB) (Free:24.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (465GB) (Fixed) (Total:465.75 GB) (Free:77.47 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 335.4 GB) (Disk ID: 000E0246)
Partition 2: (Active) - (Size=335.3 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 8D399BC0)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

GMER:
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-11-14 07:04:12 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST3360320AS rev.3.AAM 335,35GB Running: Gmer-19357.exe; Driver: C:\Users\Jaq\AppData\Local\Temp\uwldypow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fc1000 16 bytes [48, FF, C2, 49, FF, C8, 0F, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545 fffff80002fc1011 2 bytes [03, CA] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2756] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075031401 2 bytes JMP 7539b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2756] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075031419 2 bytes JMP 7539b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075031431 2 bytes JMP 75418ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007503144a 2 bytes CALL 753748ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2756] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750314dd 2 bytes JMP 754187a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2756] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750314f5 2 bytes JMP 75418978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2756] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007503150d 2 bytes JMP 75418698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2756] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075031525 2 bytes JMP 75418a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2756] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007503153d 2 bytes JMP 7538fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2756] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075031555 2 bytes JMP 753968ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2756] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007503156d 2 bytes JMP 75418f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2756] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075031585 2 bytes JMP 75418ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2756] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007503159d 2 bytes JMP 7541865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2756] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 
00000000750315b5 2 bytes JMP 7538fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2756] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750315cd 2 bytes JMP 7539b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2756] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750316b2 2 bytes JMP 75418e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2756] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750316bd 2 bytes JMP 754185f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075031401 2 bytes JMP 7539b21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[1172] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075031419 2 bytes JMP 7539b346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075031431 2 bytes JMP 75418ea9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007503144a 2 bytes CALL 753748ad C:\Windows\syswow64\KERNEL32.dll .text ... 
* 9 .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[1172] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750314dd 2 bytes JMP 754187a2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750314f5 2 bytes JMP 75418978 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[1172] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007503150d 2 bytes JMP 75418698 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075031525 2 bytes JMP 75418a62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007503153d 2 bytes JMP 7538fca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[1172] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075031555 2 bytes JMP 753968ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007503156d 2 bytes JMP 75418f61 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075031585 2 bytes JMP 75418ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[1172] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007503159d 2 bytes JMP 7541865c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750315b5 2 bytes JMP 7538fd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750315cd 2 bytes JMP 7539b2dc 
C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750316b2 2 bytes JMP 75418e24 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[1172] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750316bd 2 bytes JMP 754185f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[576] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075031401 2 bytes JMP 7539b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[576] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075031419 2 bytes JMP 7539b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075031431 2 bytes JMP 75418ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007503144a 2 bytes CALL 753748ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[576] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750314dd 2 bytes JMP 754187a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[576] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750314f5 2 bytes JMP 75418978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[576] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007503150d 2 bytes JMP 75418698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[576] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075031525 2 bytes JMP 75418a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[576] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007503153d 2 bytes JMP 7538fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[576] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075031555 2 bytes JMP 753968ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[576] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007503156d 2 bytes JMP 75418f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[576] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075031585 2 bytes JMP 75418ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[576] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007503159d 2 bytes JMP 7541865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[576] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750315b5 2 bytes JMP 7538fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[576] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750315cd 2 bytes JMP 7539b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[576] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750316b2 2 bytes JMP 75418e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[576] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750316bd 2 bytes JMP 754185f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\vmnat.exe[4040] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 4 0000000074c513b0 2 bytes JMP 75b85660 C:\Windows\syswow64\SHELL32.dll .text C:\Windows\SysWOW64\vmnat.exe[4040] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 20 0000000074c513c0 2 bytes CALL 75549cee C:\Windows\syswow64\msvcrt.dll .text ... * 20 .text C:\Windows\SysWOW64\vmnat.exe[4040] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 22 0000000074c5153e 2 bytes CALL 75c1777c C:\Windows\syswow64\SHELL32.dll .text C:\Windows\SysWOW64\vmnat.exe[4040] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 43 0000000074c51553 2 bytes CALL 753710ff C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075031401 2 bytes JMP 7539b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2752] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075031419 2 bytes JMP 7539b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075031431 2 bytes JMP 75418ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007503144a 2 bytes CALL 753748ad 
C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2752] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750314dd 2 bytes JMP 754187a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750314f5 2 bytes JMP 75418978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007503150d 2 bytes JMP 75418698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075031525 2 bytes JMP 75418a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007503153d 2 bytes JMP 7538fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2752] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075031555 2 bytes JMP 753968ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007503156d 2 bytes JMP 75418f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075031585 2 bytes JMP 75418ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007503159d 2 bytes JMP 7541865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750315b5 2 bytes JMP 7538fd41 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750315cd 2 bytes JMP 7539b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750316b2 2 bytes JMP 75418e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750316bd 2 bytes JMP 754185f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[5252] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075031401 2 bytes JMP 7539b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[5252] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075031419 2 bytes JMP 7539b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[5252] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075031431 2 bytes JMP 75418ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[5252] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007503144a 2 bytes CALL 753748ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[5252] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000750314dd 2 bytes JMP 754187a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[5252] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000750314f5 2 bytes JMP 75418978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[5252] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007503150d 2 bytes JMP 75418698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[5252] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075031525 2 bytes JMP 75418a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[5252] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007503153d 2 bytes JMP 7538fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[5252] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075031555 2 bytes JMP 753968ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[5252] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007503156d 2 bytes JMP 75418f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[5252] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075031585 2 bytes JMP 75418ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[5252] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007503159d 2 bytes JMP 7541865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[5252] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000750315b5 2 bytes JMP 7538fd41 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[5252] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000750315cd 2 bytes JMP 7539b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[5252] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000750316b2 2 bytes JMP 75418e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[5252] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000750316bd 2 bytes JMP 754185f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075031401 2 bytes JMP 7539b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[6452] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075031419 2 bytes JMP 7539b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075031431 2 bytes JMP 75418ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007503144a 2 bytes CALL 753748ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[6452] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750314dd 2 bytes JMP 754187a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750314f5 2 bytes JMP 75418978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[6452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007503150d 2 bytes JMP 75418698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075031525 2 bytes JMP 75418a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007503153d 2 bytes JMP 7538fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[6452] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075031555 2 bytes JMP 753968ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007503156d 2 bytes JMP 75418f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075031585 2 bytes JMP 75418ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[6452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007503159d 2 bytes JMP 7541865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750315b5 2 bytes JMP 7538fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750315cd 2 bytes JMP 
7539b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750316b2 2 bytes JMP 75418e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750316bd 2 bytes JMP 754185f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075031401 2 bytes JMP 7539b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3748] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075031419 2 bytes JMP 7539b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075031431 2 bytes JMP 75418ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007503144a 2 bytes CALL 753748ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3748] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750314dd 2 bytes JMP 754187a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750314f5 2 bytes JMP 75418978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3748] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007503150d 2 bytes JMP 75418698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075031525 2 bytes JMP 75418a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007503153d 2 bytes JMP 7538fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3748] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075031555 2 bytes JMP 753968ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007503156d 2 bytes JMP 75418f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075031585 2 bytes JMP 75418ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3748] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007503159d 2 bytes JMP 7541865c 
C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750315b5 2 bytes JMP 7538fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750315cd 2 bytes JMP 7539b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750316b2 2 bytes JMP 75418e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750316bd 2 bytes JMP 754185f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075031401 2 bytes JMP 7539b21b C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4400] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075031419 2 bytes JMP 7539b346 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075031431 2 bytes JMP 75418ea9 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007503144a 2 bytes CALL 753748ad C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4400] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750314dd 2 bytes JMP 754187a2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750314f5 2 bytes JMP 75418978 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4400] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007503150d 2 bytes JMP 75418698 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075031525 2 bytes JMP 75418a62 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007503153d 2 bytes JMP 7538fca8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4400] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075031555 2 bytes JMP 753968ef C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007503156d 2 bytes JMP 75418f61 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075031585 2 bytes JMP 75418ac2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4400] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007503159d 2 bytes JMP 7541865c C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750315b5 2 bytes JMP 7538fd41 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750315cd 2 bytes JMP 7539b2dc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750316b2 2 bytes JMP 75418e24 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750316bd 2 bytes JMP 754185f1 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075031401 2 bytes JMP 7539b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[3564] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075031419 2 bytes JMP 7539b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075031431 2 bytes JMP 75418ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007503144a 2 bytes CALL 753748ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[3564] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750314dd 2 bytes JMP 754187a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750314f5 2 bytes JMP 75418978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[3564] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007503150d 2 bytes JMP 75418698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075031525 2 bytes JMP 75418a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007503153d 2 bytes JMP 7538fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[3564] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075031555 2 bytes JMP 753968ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007503156d 2 bytes JMP 75418f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075031585 2 bytes JMP 75418ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[3564] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007503159d 2 bytes JMP 7541865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750315b5 2 bytes JMP 7538fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750315cd 2 bytes JMP 7539b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750316b2 2 bytes JMP 75418e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750316bd 2 bytes JMP 754185f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075031401 2 bytes JMP 7539b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[5456] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075031419 2 bytes JMP 7539b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075031431 2 bytes JMP 75418ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007503144a 2 bytes CALL 753748ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[5456] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750314dd 2 bytes JMP 754187a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750314f5 2 bytes JMP 75418978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[5456] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007503150d 2 bytes JMP 75418698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075031525 2 bytes JMP 75418a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007503153d 2 bytes JMP 7538fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[5456] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075031555 2 bytes JMP 753968ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007503156d 2 bytes JMP 75418f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075031585 2 bytes JMP 75418ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[5456] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007503159d 2 bytes JMP 7541865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750315b5 2 bytes JMP 7538fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750315cd 2 bytes JMP 7539b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750316b2 2 bytes JMP 75418e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750316bd 2 bytes JMP 754185f1 C:\Windows\syswow64\kernel32.dll

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{6398E31B-1811-405F-8FBA-6767784B1FCA}@LeaseObtainedTime 1415944335
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{6398E31B-1811-405F-8FBA-6767784B1FCA}@T1 1415944462
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{6398E31B-1811-405F-8FBA-6767784B1FCA}@T2 1415944558
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{6398E31B-1811-405F-8FBA-6767784B1FCA}@LeaseTerminatesTime 1415944590

---- EOF - GMER 2.1 ----
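An added example for triaging the inline-hook section of a GMER log like the one posted above; this is not part of the post and not GMER's own code. Each `.text` line has the shape `<process>[<pid>] <module>!<export> + <offset> <address> <n> bytes JMP|CALL <target> <target module>`, and GMER collapses runs of similar entries into `.text ... * N`. The script parses those lines, groups the hooks by process, keeps the collapsed count, and flags every hook whose destination module is outside `C:\Windows\system32` or `C:\Windows\syswow64`. In the log above every hook lands in `kernel32.dll`, so nothing would be flagged; the sample input below copies a few of those lines and adds one constructed line with a made-up process (`C:\Temp\constructed.exe`) and a made-up DLL (`C:\Temp\constructed_hook.dll`) so that the flag path is exercised. The path-based check is a triage heuristic, not a verdict: a hook into a system DLL still deserves a look if that DLL's integrity is in doubt.

```python
import re
from collections import defaultdict

# Sample input. The first ".text" lines are copied from the GMER log in the post
# above; the last ".text" line is CONSTRUCTED for this example (made-up process
# and made-up target DLL outside the Windows directory) to show what gets flagged.
SAMPLE_LOG = r"""
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750315b5 2 bytes JMP 7538fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750316bd 2 bytes JMP 754185f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007503144a 2 bytes CALL 753748ad C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[3564] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075031555 2 bytes JMP 753968ef C:\Windows\syswow64\kernel32.dll
.text C:\Temp\constructed.exe[9999] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075031555 2 bytes JMP 10001000 C:\Temp\constructed_hook.dll
---- Registry - GMER 2.1 ----
"""

# One GMER inline-hook entry. Process paths contain spaces, so the process group
# is non-greedy and terminated by the "[pid]" suffix.
HOOK_RE = re.compile(
    r"^\.text\s+"
    r"(?P<process>.+?)\[(?P<pid>\d+)\]\s+"                    # hooked process image and PID
    r"(?P<module>\S+)!(?P<export>\w+)\s*\+\s*(?P<offset>\d+)\s+"  # patched export and byte offset
    r"(?P<addr>[0-9a-fA-F]+)\s+(?P<size>\d+)\s+bytes\s+"     # patched address and patch length
    r"(?P<kind>JMP|CALL)\s+(?P<target>[0-9a-fA-F]+)\s+"       # redirect type and destination
    r"(?P<target_module>.+?)\s*$"                             # module containing the destination
)
# GMER's shorthand for N further entries of the same kind that it did not print.
ELIDED_RE = re.compile(r"^\.text\s+\.\.\.\s+\*\s+(?P<count>\d+)\s*$")

WINDOWS_DIR_PREFIXES = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def is_system_module(path: str) -> bool:
    """Path-based triage heuristic: does the module live in a Windows system directory?
    This says nothing about the file's integrity; it only orders the work."""
    return path.lower().startswith(WINDOWS_DIR_PREFIXES)


def parse_hook_line(line: str):
    """Parse one '.text' hook entry into a dict, or return None if it does not match."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["pid"] = int(d["pid"])
    d["offset"] = int(d["offset"])
    d["size"] = int(d["size"])
    d["addr"] = int(d["addr"], 16)
    d["target"] = int(d["target"], 16)
    return d


def parse_gmer_hooks(text: str):
    """Return (hooks, elided): parsed entries plus the total GMER collapsed as '.text ... * N'."""
    hooks, elided = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith(".text"):
            continue  # registry section, headers and blank lines are not hook entries
        e = ELIDED_RE.match(line)
        if e:
            elided += int(e.group("count"))
            continue
        h = parse_hook_line(line)
        if h:
            hooks.append(h)
    return hooks, elided


def triage(text: str):
    """Group hooks by process and flag those whose destination is outside a system directory."""
    hooks, elided = parse_gmer_hooks(text)
    per_process = defaultdict(lambda: {"hooks": 0, "exports": set(), "targets": set()})
    flagged = []
    for h in hooks:
        summary = per_process[f"{h['process']}[{h['pid']}]"]
        summary["hooks"] += 1
        summary["exports"].add(h["export"])
        summary["targets"].add(h["target_module"])
        if not is_system_module(h["target_module"]):
            flagged.append(h)
    return {"per_process": dict(per_process), "flagged": flagged, "elided": elided}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for proc, s in result["per_process"].items():
        print(f"{proc}: {s['hooks']} hook(s) in {', '.join(sorted(s['exports']))}"
              f" -> {', '.join(sorted(s['targets']))}")
    print(f"{result['elided']} further hook(s) collapsed by GMER as '.text ... * N'")
    for h in result["flagged"]:
        print(f"FLAG {h['process']}[{h['pid']}] {h['export']}+{h['offset']}"
              f" {h['kind']} -> {h['target_module']}")
```

Run it against a full GMER log by replacing `SAMPLE_LOG` with the file contents; the per-process summary shows at a glance whether a process has a hook set that differs from its neighbours (here all three real processes hook the same PSAPI exports into kernel32), and only the constructed line ends up in the flagged list.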